HCL Domino is susceptible to a weak cryptography vulnerability
CVE-2023-37495
5.9 MEDIUM
Summary
A security issue has been identified in the HCL Domino® Directory, where internet passwords stored in Person documents are protected using a cryptographically weak hash algorithm. This vulnerability affects documents created through the 'Add Person' action within the People & Groups tab of the Domino® Administrator. Attackers with access to the hashed values may exploit this flaw, potentially revealing user passwords through methods such as brute force attacks. It is important to note that Person documents generated via user registration processes are not affected by this vulnerability.
Affected Version(s)
HCL Domino Server 9, 10, 11, 12
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved