Vigil@nce - IBM Notes: password disclosure via Client Single Logon
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When Notes Client Single Logon is enabled, a local attacker can
obtain the IBM Lotus Notes user’s password.
– Impacted products: Notes
– Severity: 2/4
– Creation date: 14/05/2013
DESCRIPTION OF THE VULNERABILITY
The Notes Client Single Logon feature is used to synchronize the
Windows and IBM Lotus Notes passwords.
However, a local attacker can capture the password. Technical
details are unknown.
When Notes Client Single Logon is enabled, a local attacker can
therefore obtain the IBM Lotus Notes user’s password.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-Notes-password-disclosure-via-Client-Single-Logon-12792