IBM Lotus Sametime Connect Audio / Video Chat Information Disclosure

Low Nessus Plugin ID 72880


The remote Windows host has a chat client that is affected by an information disclosure vulnerability.


The version of IBM Lotus Sametime Connect installed on the remote Windows host is potentially affected by an information disclosure vulnerability. If a user sets a certain log flag to high and uses Audio/Video chat, the user's password is stored in plaintext (unencrypted).


Apply the patch referenced in the advisory.

See Also

Plugin Details

Severity: Low

ID: 72880

File Name: lotus_sametime_connect_swg21665658.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2014/03/07

Modified: 2017/07/19

Dependencies: 13855, 70071

Risk Information

Risk Factor: Low


Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:sametime

Required KB Items: SMB/IBM Lotus Sametime Client/Path, SMB/IBM Lotus Sametime Client/Version, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/02/26

Vulnerability Publication Date: 2014/02/21

Reference Information

CVE: CVE-2014-0890

BID: 65937

OSVDB: 104046