HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hcl_domino | Hcltech | * | 9.0.1 (excluding) |
| Hcl_domino | Hcltech | 10.0.0 (including) | 10.0.1 (excluding) |
| Hcl_domino | Hcltech | 11.0.0 (including) | 11.0.1 (excluding) |
| Hcl_domino | Hcltech | 9.0.1-feature_pack_10_interim_fix_2 (including) | 9.0.1-feature_pack_10_interim_fix_2 (including) |
| Hcl_domino | Hcltech | 9.0.1-feature_pack_10_interim_fix_3 (including) | 9.0.1-feature_pack_10_interim_fix_3 (including) |
| Hcl_domino | Hcltech | 9.0.1-feature_pack_10_interim_fix_4 (including) | 9.0.1-feature_pack_10_interim_fix_4 (including) |
| Hcl_domino | Hcltech | 9.0.1-feature_pack_10_interim_fix_5 (including) | 9.0.1-feature_pack_10_interim_fix_5 (including) |
| Hcl_domino | Hcltech | 10.0.1-fixpack1 (including) | 10.0.1-fixpack1 (including) |
| Hcl_domino | Hcltech | 10.0.1-fixpack2 (including) | 10.0.1-fixpack2 (including) |
| Hcl_domino | Hcltech | 10.0.1-fixpack3 (including) | 10.0.1-fixpack3 (including) |
| Hcl_domino | Hcltech | 10.0.1-fixpack4 (including) | 10.0.1-fixpack4 (including) |
| Hcl_domino | Hcltech | 10.0.1-fixpack5 (including) | 10.0.1-fixpack5 (including) |
References
- https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085407
- https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085407