Security Bulletin: For safer IBM Notes single sign on with Windows, use Notes Shared Login or Notes Federated Login (CVE-2013-0522)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirtmedium psirtics
0 Comments | 1,180 Visits
Notes Client Single Logon uses an operating system communication mechanism for password transmission between Windows and Notes that can be attacked by malicious code planted on the user workstation to reveal the user password. To prevent the potential for attack, disable Notes Client Single Logon and instead opt to use the more secure Notes Shared Login or Notes Federated Login.
CVE ID: CVE-2013-0522
Any version of IBM Notes running on Windows with Notes Client Single Logon enabled.
Refer to the following reference URLs for remediation and additional vulnerability details.