IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie.
References
Configurations
History
No history.
Information
Published : 2006-09-13 23:07
Updated : 2024-02-04 16:52
NVD link : CVE-2006-4763
Mitre link : CVE-2006-4763
CVE.ORG link : CVE-2006-4763
JSON object : View
Products Affected
ibm
- lotus_domino_web_access
CWE