Computer Security Incident Response Team of Mauritius (CERT-MU)

VN-2017-80


IBM Domino TLS Server DH Parameter Validation Flaw Lets Remote Users Obtain Authentication Credentials
Severity Rating: Medium
Systems Affected:
  • IBM Domino 9.0.1 through 9.0.1 Fix Pack 7 Interim Fix 2
  • IBM Domino 9.0 through 9.0 Interim Fix 7
  • IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 17
  • IBM Domino 8.5.2 through 8.5.2 Fix Pack 4
  • IBM Domino 8.5.1 through 8.5.1 Fix Pack 5
Description
A vulnerability has been identified in IBM Domino. A remote attacker can create multiple key exchange sessions to trigger a Diffie-Hellman (DH) parameter validation flaw in the TLS server and cause the system to use a less secure connection. A remote user can exploit this flaw to obtain user authentication credentials.
 
Solution
Users are advised to apply updates.
More information is available on:
 
Vendor Information
IBM
 
References
Security Tracker
 
IBM Support
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis