IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote malicious users to obtain a user's privileges by intercepting the LtpaToken cookie.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm lotus domino web access 7.0.1 |