IBM Notes 8.5 < 8.5.3 IF4 HF2 / 9.0 < 9.0 IF2 Password Disclosure
Low Nessus Plugin ID 66942
SynopsisThe remote host has software installed that is affected by an information disclosure vulnerability.
DescriptionThe remote host has a version of Lotus Notes 8.5.x earlier than 8.5.3 Fix Pack 4 Interim Fix 2 or 9.0 earlier than Interim Fix 2. As such, it is potentially affected by an information disclosure vulnerability.
IBM Notes may fail to zero the plaintext password within memory, leaving the plaintext password accessible to an attacker with the ability to access memory on the user's local workstation.
SolutionUpgrade to IBM Notes 8.5.3 FP4 Interim Fix 2 / 9.0 Interim Fix 2 or later.