Security Bulletin: For safer IBM Notes single sign on with Windows, use Notes Shared Login or Notes Federated Login (CVE-2013-0522)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirtics psirtmedium
0 Comments | 1,070 Visits
Notes Client Single Logon uses an operating system communication mechanism for password transmission between Windows and Notes that can be attacked by malicious code planted on the user workstation to reveal the user password. To prevent the potential for attack, disable Notes Client Single Logon and instead opt to use the more secure Notes Shared Login or Notes Federated Login.
Affected product(s) & Affected version(s):
Any version of IBM Notes running on Windows with Notes Client Single Logon enabled
Refer to the following reference URLs for remediation and additional vulnerability details.