CVE-2007-5701
IBM Lotus Domino < 7.0.3 - Unauthenticated Sensitive Information Exposure via CA Command Uppercase Bypass
Title source: llmDescription
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.
References (6)
Core 6
Core References
Patch x_refsource_confirm
http://www-1.ibm.com/support/docview.wss?uid=swg21261095
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37372
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3598
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/40952
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26176
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27321
Scores
EPSS
0.0021
EPSS Percentile
10.6%
Details
CWE
CWE-200
CWE-310
Status
published
Products (4)
ibm/lotus_domino
6.5.5 (4 CPE variants)
ibm/lotus_domino
6.5.6 (2 CPE variants)
ibm/lotus_domino
7.0
ibm/lotus_domino
7.0.2 (3 CPE variants)
Published
Oct 29, 2007
Tracked Since
Feb 18, 2026