CVE-2007-4309

Severity

35%

Complexity

68%

Confidentiality

48%

IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696.

IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696.

CVSS 2.0 Base Score 3.5. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N).

Overview

Type

IBM Lotus Notes

First reported 17 years ago

2007-08-13 21:17:00

Last updated 16 years ago

2008-09-05 21:27:00

Affected Software

IBM Lotus Notes 5.0

5.0

IBM Lotus Notes 6.0

6.0

IBM Lotus Notes 7.0

7.0

IBM Lotus Notes 7.0.1

7.0.1

IBM Lotus Notes 7.0.2

7.0.2

References

1018433

http://www.heise-security.co.uk/news/92958

http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21266085

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.