OSVDB ID: 40952

Title: IBM Lotus Domino Certificate Authority (CA) Local Cleartext Password Disclosure

Info

Disclosure

Oct 23, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Local Access Required
Attack Type: Cryptographic, Information Disclosure
Impact: Loss of Confidentiality
Solution: Workaround, Upgrade
Disclosure: Vendor Verified

Solution

Upgrade to version 7.0.3, 8.0 or higher, as it has been reported to fix this vulnerability. It is also possible to temporarily work around the flaw by implementing the following workaround: In prior releases, enter CA "activate" or "unlock" commands on the console using all lowercase.

Products

Unknown or Incomplete

References

CVE ID: 2007-5701 (see also: NVD)
Bugtraq ID: 26176
Secunia Advisory ID: 27321
ISS X-Force ID: 37372
Related OSVDB ID: 40951 40953
VUPEN Advisory: ADV-2007-3598
Vendor Specific News/Changelog Entry: http://www-1.ibm.com/support/docview.wss?uid=swg21261095

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/40952