Detections
Analytics

IBM Lotus Sametime Connect Audio / Video Chat Information Disclosure

low Nessus Plugin ID 72880

Language:

Synopsis

The remote Windows host has a chat client that is affected by an information disclosure vulnerability.

Description

The version of IBM Lotus Sametime Connect installed on the remote Windows host is potentially affected by an information disclosure vulnerability. If a user sets a certain log flag to high and uses Audio/Video chat, the user's password is stored in plaintext (unencrypted).

Solution

Apply the patch referenced in the advisory.

See Also

https://www-304.ibm.com/support/docview.wss?uid=swg21665658

http://www.nessus.org/u?122c1e05

http://www.nessus.org/u?74a641a5

Plugin Details

Severity: Low

ID: 72880

File Name: lotus_sametime_connect_swg21665658.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 3/7/2014

Updated: 11/26/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Low

Base Score: 1.9

Temporal Score: 1.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2014-0890

Vulnerability Information

CPE: cpe:/a:ibm:sametime

Required KB Items: SMB/Registry/Enumerated, SMB/IBM Lotus Sametime Client/Path, SMB/IBM Lotus Sametime Client/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 2/26/2014

Vulnerability Publication Date: 2/21/2014

Reference Information

CVE: CVE-2014-0890

BID: 65937