CVE-2007-5701 Information

Description

Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users or attackers with physical access to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.
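
The failure mode described above, as an added example (not IBM's code and not part of the original entry): a log filter that matches sensitive command prefixes with an exact-case comparison, next to one that matches regardless of case and whitespace. The function names, argument layout and sample secret are constructed for illustration.

```python
import re

# Commands whose arguments must never reach the console log (named in the CVE text).
SENSITIVE_COMMANDS = ("ca activate", "ca unlock")
MASK = "********"


def log_line_case_sensitive(command: str) -> str:
    """Flawed filter: exact-case prefix match, the kind of blacklist the CVE describes."""
    for prefix in SENSITIVE_COMMANDS:
        if command.startswith(prefix):
            return f"{prefix} {MASK}"
    return command  # anything else is logged verbatim


# One pattern per command: any letter case, any run of whitespace between words.
_SENSITIVE_RE = [
    (cmd, re.compile(r"\s*" + r"\s+".join(map(re.escape, cmd.split())) + r"(?:\s|$)",
                     re.IGNORECASE))
    for cmd in SENSITIVE_COMMANDS
]


def log_line_normalized(command: str) -> str:
    """Hardened filter: the match ignores case and spacing, so variants are masked too."""
    for cmd, pattern in _SENSITIVE_RE:
        if pattern.match(command):
            return f"{cmd} {MASK}"
    return command


# Constructed console input; the argument layout and the secret are made up.
SAMPLES = [
    "ca unlock example-ca S3cretValue",
    "CA unlock example-ca S3cretValue",
    "Ca  Activate example-ca S3cretValue",
    "show server",
]


def leaked(filter_fn):
    """Return the sample commands whose secret survives the given filter."""
    return [s for s in SAMPLES if "S3cretValue" in filter_fn(s)]


if __name__ == "__main__":
    print("case-sensitive filter leaks:", leaked(log_line_case_sensitive))
    print("normalized filter leaks:   ", leaked(log_line_normalized))
```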

Reference

http://osvdb.org/40952
http://secunia.com/advisories/27321
http://www.securityfocus.com/bid/26176
http://www.vupen.com/english/advisories/2007/3598
http://www-1.ibm.com/support/docview.wss?uid=swg21261095
https://exchange.xforce.ibmcloud.com/vulnerabilities/37372
