VYPR
Unrated severityNVD Advisory· Published Oct 29, 2007· Updated Jun 16, 2026

CVE-2007-5701

CVE-2007-5701

Description

Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.

Affected products

11
  • IBM/Lotus Domino11 versions
    cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp3:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_domino:6.5.6:*:fp1:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp2:*:*:*:*:*
    • (no CPE)range: <7.0.3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.