• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

IBM Lotus Notes User.ID File Key Information Disclosure Vulnerability

IBM Lotus Notes is prone to a local information-disclosure vulnerability because it fails to protect sensitive information from unprivileged users.

A local attacker may exploit this issue to obtain encryption key data from an unencrypted file that is used by the application. The attacker may then use this information to retrieve further information or to launch other attacks.

Versions prior to IBM Lotus Notes 6.5.5 FP2 and 7.0.2 are vulnerable; other versions may also be affected.