Lotus Sametime Key Disclosure Encryption Weakness

2003-08-07T08:32:02
ID OSVDB:2379
Type osvdb
Reporter OSVDB
Modified 2003-08-07T08:32:02

Description

Vulnerability Description

Lotus Sametime contains a flaw that may allow a malicious user to decrypt communications. The vulnerability is related to the encryption scheme used in the communication. It is possible that the flaw may allow a malicious user to eavesdrop on a conversation resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Lotus Sametime contains a flaw that may allow a malicious user to decrypt communications. The vulnerability is related to the encryption scheme used in the communication. It is possible that the flaw may allow a malicious user to eavesdrop on a conversation resulting in a loss of confidentiality.

References:

Vendor URL: http://www.lotus.com/products/lotussametime.nsf/wdocs/homepage Secunia Advisory ID:9468 ISS X-Force ID: 12850 Generic Exploit URL: http://archives.neohapsis.com/archives/bugtraq/2003-08/0072.html Bugtraq ID: 8359