HCL Domino is susceptible to a weak cryptography vulnerability
CVE-2023-37495

5.9MEDIUM

Key Information:

Vendor: Hcl Software
Status: Hcl Domino Server
Vendor: CVE Published:; 29 February 2024

🔔 Create Hcl Software Vulnerability Alert

What is CVE-2023-37495?

A security issue has been identified in the HCL Domino® Directory, where internet passwords stored in Person documents are protected using a cryptographically weak hash algorithm. This vulnerability affects documents created through the 'Add Person' action within the People & Groups tab of the Domino® Administrator. Attackers with access to the hashed values may exploit this flaw, potentially revealing user passwords through methods such as brute force attacks. It is important to note that Person documents generated via user registration processes are not affected by this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

HCL Domino Server 9, 10, 11, 12

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Jul 6, 2023

JSON

Hcl Software

What is CVE-2023-37495?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.