Microsoft Outlook Connector for Lotus Domino Password Policy Bypass

2005-03-28T22:54:45
ID OSVDB:15110
Type osvdb
Reporter Juha-Matti Laurio(juha-matti.laurio@netti.fi)
Modified 2005-03-28T22:54:45

Description

Vulnerability Description

Microsoft Outlook 2002 Connector for IBM Lotus Domino, allows users to save passwords locally when authenticating. If the user selects the remember password check box, the credentials will be saved locally resulting in a loss of confidentiality.

Technical Description

This occurs even if a group policy is set to avoid password caching.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Microsoft Outlook 2002 Connector for IBM Lotus Domino, allows users to save passwords locally when authenticating. If the user selects the remember password check box, the credentials will be saved locally resulting in a loss of confidentiality.

References:

Vendor URL: http://www.microsoft.com/ Vendor URL: http://office.microsoft.com/en-gb/assistance/HA011364481033.aspx Vendor URL: http://support.microsoft.com/default.aspx?scid=fh;[ln];cntactms Security Tracker: 1013583 Microsoft Knowledge Base Article: 888991 Microsoft Knowledge Base Article: 896093 CVE-2005-0921 Bugtraq ID: 12913