IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Lotus_notes | Ibm | 7.0 (including) | 7.0 (including) |
| Lotus_notes | Ibm | 8.0 (including) | 8.0 (including) |
| Lotus_notes | Ibm | 8.5 (including) | 8.5 (including) |
References
- http://secunia.com/advisories/39507
- http://www-01.ibm.com/support/docview.wss?uid=swg21427073
- http://www.securityfocus.com/bid/39525
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725
- http://secunia.com/advisories/39507
- http://www-01.ibm.com/support/docview.wss?uid=swg21427073
- http://www.securityfocus.com/bid/39525
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725