Local User Password Discovery Vulnerability in IBM Notes on Windows
CVE-2013-0522

7HIGH

Key Information:

Vendor: IBM
Status: Lotus Notes
Vendor: CVE Published:; 16 July 2018

What is CVE-2013-0522?

The Single Logon feature in various versions of IBM Notes on Windows is susceptible to a vulnerability that allows local users to discover stored passwords. This flaw arises from an unspecified communication mechanism within the operating system used for password transmission between Windows and Notes. As a result, unauthorized access to user credentials becomes a significant risk, necessitating immediate attention and mitigation by users of the affected versions.

References

https://www-01.ibm.com/support/docview.wss?uid=swg21634508

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/82531

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2018
Vulnerability Reserved
Dec 16, 2012