Auth bypass in Ibm Lotus_notes_traveler

CVE-2012-5309

servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

Vulnerability class: Broken Authentication

EPSS: 0.005 (68.4th percentile) — read the EPSS interpretation.

Affected products

Ibm Lotus_notes_traveler — versions 8.5.0.0, 8.5.0.1, 8.5.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

20121001 BF, XSS, CSRF and Redirector vulnerabilities in IBM Lotus Notes Traveler (mailing-list, Exploit, x_refsource_FULLDISC)