Session Token Vulnerability in IBM Lotus Domino Web Access
CVE-2006-4763

Currently unrated

Key Information:

Vendor: IBM

CVE Published: 13 September 2006

What is CVE-2006-4763?

IBM Lotus Domino Web Access 7.0.1 contains a vulnerability in which the Lightweight Third-Party Authentication token (LtpaToken) remains valid even after the user logs out. A remote attacker who intercepts the LtpaToken cookie can therefore still use it after logout, potentially gaining unauthorized access with the user's privileges. Because the token is not expired at logout, ending a session does not actually end it, which poses a serious risk to user security and session management; organizations should address this vulnerability promptly.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
