IBM Lotus Domino Cookie File Authentication Bypass Vulnerability

Summary
The host is running IBM Lotus Domino Server and is prone to an authentication bypass vulnerability.
Impact
Successful exploitation may allow remote attackers to bypass the authentication mechanism by providing a malicious UNC path to COOKIEFILE.
Impact Level: Application/System
Solution
Upgrade to version 8.5.2 FP3 or 8.5.3 or later. For updates, refer to http://www-01.ibm.com/software/lotus/products/domino
Insight
The flaw is due to an error in the Server Controller authentication mechanism, which does not properly verify the COOKIEFILE path before using it to retrieve the user's credentials.
Affected
IBM Lotus Domino versions 7.x and 8.x