CVE-2016-0270

MEDIUM

IBM Domino 9.0.1 FP3-5 IF1 - Auth Bypass

Title source: llm

Description

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.

References (7)

[Mitigation, Patch, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21979604

[Mitigation, Patch, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21979669

[Mitigation, Patch, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21979673

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96062

[Third Party Advisory] https://github.com/nonce-disrespect/nonce-disrespect

View Writeup ZIP pw:eip

[Vendor Advisory] https://support.citrix.com/article/CTX220329

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037795

Scores

CVSS v3 5.9

EPSS 0.0054

EPSS Percentile 67.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (8)

ibm/client_application_access

ibm/domino

ibm/domino

ibm/domino

ibm/notes

ibm/notes

ibm/notes

n/a/n/a

Timeline

Published Feb 08, 2017

Tracked Since Feb 18, 2026