IBM Notes 8.5 < 8.5.3 IF4 HF2 / 9.0 < 9.0 IF2 Password Disclosure

Low Nessus Plugin ID 66942


The remote host has software installed that is affected by an information disclosure vulnerability.


The remote host has a version of Lotus Notes 8.5.x earlier than 8.5.3 Fix Pack 4 Interim Fix 2 or 9.0 earlier than Interim Fix 2. As such, it is potentially affected by an information disclosure vulnerability.
IBM Notes may fail to zero the plaintext password within memory, leaving the plaintext password accessible to an attacker with the ability to access memory on the user's local workstation.


Upgrade to IBM Notes 8.5.3 FP4 Interim Fix 2 / 9.0 Interim Fix 2 or later.

See Also

Plugin Details

Severity: Low

ID: 66942

File Name: lotus_notes_swg21636154.nasl

Version: $Revision: 1.8 $

Type: local

Agent: windows

Family: Windows

Published: 2013/06/20

Modified: 2017/07/14

Dependencies: 61486

Risk Information

Risk Factor: Low


Base Score: 1.9

Temporal Score: 1.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:lotus_notes

Required KB Items: SMB/Lotus_Notes/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/06/12

Vulnerability Publication Date: 2013/06/12

Reference Information

CVE: CVE-2013-0534

BID: 60536

OSVDB: 94423