IBM Lotus Domino Crafted .nsf Request Authentication Bypass

Medium Nessus Plugin ID 10953


A web application on the remote host has an authentication bypass vulnerability.


By creating a specially crafted URL, the authentication mechanism of the Domino database can be circumvented. These URLs should look like: <databasename>.ntf<buff>.nsf/ in which <buff> has a certain length.


Upgrade to the latest version of Domino.

Plugin Details

Severity: Medium

ID: 10953

File Name: domino_authentication_bypass.nasl

Version: $Revision: 1.31 $

Type: remote

Family: Web Servers

Published: 2002/05/12

Modified: 2016/11/15

Dependencies: 10107, 11919, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:ibm:lotus_domino

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2002/02/03

Reference Information

CVE: CVE-2001-1567

BID: 4022

OSVDB: 780