NuytsTech Security

CVE-2006-4763

by ·

IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client’s Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user’s privileges by intercepting the LtpaToken cookie.

Date published : 2006-09-13

http://www.securityfocus.com/bid/19966

http://www.securityfocus.com/archive/1/445821/100/0/threaded

Tags: