IBM Notes 8.5 < 8.5.3 IF4 HF2 / 9.0 < 9.0 IF2 Password Disclosure

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by an
information disclosure vulnerability.

Description :

The remote host has a version of Lotus Notes 8.5.x earlier than 8.5.3
Fix Pack 4 Interim Fix 2 or 9.0 earlier than Interim Fix 2. As such,
it is potentially affected by an information disclosure vulnerability.
IBM Notes may fail to zero the plaintext password within memory,
leaving the plaintext password accessible to an attacker with the
ability to access memory on the user's local workstation.
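
The fix for this class of bug is to overwrite the password buffer once it is no longer needed, in a way the compiler cannot optimize out. The following C sketch is an added example, not code from IBM Notes or from this plugin; `secure_wipe`, `is_wiped`, `with_password`, `check_fn` and `demo_check` are hypothetical names, and the password string is constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stores through a volatile pointer are not removed as dead writes, unlike a
 * plain memset() on a buffer that is never read again. Where available,
 * explicit_bzero(), memset_s() or SecureZeroMemory() serve the same purpose. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Returns 1 when every byte of buf is zero. */
static int is_wiped(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= p[i];
    return acc == 0;
}

typedef int (*check_fn)(const char *pw);   /* hypothetical verifier callback */

/* Copies the typed password into pwbuf, runs the check, then wipes the whole
 * buffer on every exit path. Returns the check result, or -1 if it does not fit. */
static int with_password(char *pwbuf, size_t cap, const char *typed, check_fn check)
{
    int rc = -1;
    size_t n = strlen(typed);
    if (n < cap) {
        memcpy(pwbuf, typed, n + 1);
        rc = check(pwbuf);
    }
    secure_wipe(pwbuf, cap);
    return rc;
}

/* Constructed stand-in for a real verifier; the password is sample data. */
static int demo_check(const char *pw) { return strcmp(pw, "constructed-sample") == 0; }

int main(void)
{
    char buf[64];
    int ok = with_password(buf, sizeof buf, "constructed-sample", demo_check);
    printf("auth=%d wiped=%d\n", ok, is_wiped(buf, sizeof buf));
    return 0;
}
```

The wipe covers only the buffer this function owns; any other copy of the plaintext (the caller's input string, UI controls, intermediate buffers) needs the same treatment.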

See also :

http://www.nessus.org/u?9823bbd2
https://www-304.ibm.com/support/docview.wss?uid=swg21636154

Solution :

Upgrade to IBM Notes 8.5.3 FP4 Interim Fix 2 / 9.0 Interim Fix 2 or
later.

Risk factor :

Low / CVSS Base Score : 1.9
(CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 66942

Bugtraq ID: 60536

CVE ID: CVE-2013-0534
