CVE-2007-5701

IBM Lotus Domino < 7.0.3 - Unauthenticated Sensitive Information Exposure via CA Command Uppercase Bypass

Title source: llm
STIX 2.1

Description

Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37372
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3598
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/40952
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26176
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27321

Scores

EPSS 0.0021
EPSS Percentile 10.6%

Details

CWE
CWE-200 CWE-310
Status published
Products (4)
ibm/lotus_domino 6.5.5 (4 CPE variants)
ibm/lotus_domino 6.5.6 (2 CPE variants)
ibm/lotus_domino 7.0
ibm/lotus_domino 7.0.2 (3 CPE variants)
Published Oct 29, 2007
Tracked Since Feb 18, 2026