Session Token Vulnerability in IBM Lotus Domino Web Access
CVE-2006-4763
Currently unrated
Summary
IBM Lotus Domino Web Access 7.0.1 contains a vulnerability in which the Lightweight Third-Party Authentication token (LtpaToken) remains valid after the user logs out. A remote attacker who intercepts the LtpaToken cookie can potentially use it to gain unauthorized access with the user's privileges. Because the token is not expired on logout, the flaw poses serious risks to user security and session management, and organizations should address it promptly.
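The failure mode described above, shown beside a hardened logout, as an added example that is not IBM's code. A simplified HMAC-signed token stands in for the LtpaToken; the token layout, key, lifetime and class names are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # constructed value for the demo
TTL = 1800  # assumed token lifetime in seconds

def _mac(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def issue_token(user, now=None):
    """Stateless token (assumed layout): user|expiry|HMAC(user|expiry)."""
    expiry = int((time.time() if now is None else now) + TTL)
    body = f"{user}|{expiry}"
    return f"{body}|{_mac(body)}"

def verify(token, now=None):
    """Check signature and expiry only; return the user name or None."""
    try:
        user, expiry, mac = token.split("|")
        expiry = int(expiry)
    except ValueError:
        return None
    if not hmac.compare_digest(mac.encode(), _mac(f"{user}|{expiry}").encode()):
        return None
    return user if (time.time() if now is None else now) < expiry else None

class StatelessServer:
    """Behaviour in the summary: the token outlives logout."""
    def logout(self, token):
        pass  # only the browser cookie is cleared; the server forgets nothing

    def authenticate(self, token, now=None):
        return verify(token, now)

class RevokingServer(StatelessServer):
    """Hardened form: a logged-out token is rejected until it expires."""
    def __init__(self):
        self.revoked = {}  # token digest -> expiry, so entries can be pruned

    def logout(self, token):
        if verify(token):
            self.revoked[_mac(token)] = int(token.split("|")[1])

    def authenticate(self, token, now=None):
        current = time.time() if now is None else now
        # Drop revocations whose tokens have expired on their own.
        self.revoked = {d: e for d, e in self.revoked.items() if e > current}
        return None if _mac(token) in self.revoked else verify(token, now)
```

The revocation map only has to hold entries until each token's own expiry, so a short token lifetime keeps it small.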
References
Timeline
Vulnerability published
Vulnerability Reserved