IBM Notes Single Sign On Password Disclosure

Medium Nessus Plugin ID 66722


The version of IBM Notes installed on the remote Windows host is affected by an information disclosure vulnerability.


The version of IBM Notes installed on the remote Windows host uses the built-in Single Sign On feature for authentication. Single Sign On is affected by a vulnerability wherein malicious code planted on a user's workstation can be used to reveal the password of an authenticated user.


Disable Notes Client Single Sign On.

See Also

Plugin Details

Severity: Medium

ID: 66722

File Name: lotus_notes_single_signon.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2013/05/31

Modified: 2017/07/14

Dependencies: 10456, 61486

Risk Information

Risk Factor: Medium


Base Score: 4.1

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:ibm:lotus_notes

Required KB Items: SMB/Lotus_Notes/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2013/04/24

Reference Information

CVE: CVE-2013-0522

BID: 59809

OSVDB: 93184