IBM Domino TLS Server DH Parameter Validation Flaw Lets Remote Users Obtain Authentication Credentials
Severity Rating: Medium
- IBM Domino 9.0.1 through 9.0.1 Fix Pack 7 Interim Fix 2
- IBM Domino 9.0 through 9.0 Interim Fix 7
- IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 17
- IBM Domino 8.5.2 through 8.5.2 Fix Pack 4
- IBM Domino 8.5.1 through 8.5.1 Fix Pack 5
A vulnerability has been identified in IBM Domino that remote attackers can exploit to obtain authentication credentials. By creating multiple key exchange sessions, a remote attacker can trigger a Diffie-Hellman (DH) parameter validation flaw in the TLS server and cause the system to use a less secure connection. A remote user can exploit this flaw to obtain user authentication credentials.
Users are advised to apply updates.
More information is available on:
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street