Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed

Security Bulletin: IBM Domino TLS server Diffie-Hellman key validation vulnerability (CVE-2016-6087)

Daniel Nashed – 1 June 2017 05:27:46
There is a vulnerability in the TLS stack which could lead to an exploit that results in a less secure connection.
The good news is that the fix is already included in FP8. So you should upgrade to 9.0.1 FP8 if you have a public facing Domino Server with HTTPS.


See the details and reference below.


-- Daniel


A vulnerability in the IBM Domino TLS server's Diffie-Hellman parameter validation could potentially be exploited in a small subgroup attack which could result in a less secure connection.
An attacker may be able to exploit this vulnerability to obtain user authentication credentials.


Vulnerability Details


CVEID: CVE-2016-6087 / DESCRIPTION: IBM Domino could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation.


CVE-2016-6087 is tracked as SPR# DKEN9WGMYE.



http://www.ibm.com/support/docview.wss?uid=swg22002808
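To make the "Diffie-Hellman parameter validation" point concrete, here is an added example (not code from the bulletin, from Domino, or from this blog) of the peer-public-value check a finite-field DH TLS server has to perform so that a small-subgroup value cannot confine the shared secret to a few guessable candidates. The toy safe prime p = 2039 (q = 1019), the function names and the sample values are all constructed for the demonstration; real deployments use 2048-bit groups.

```python
"""Diffie-Hellman peer public value validation (added example, not Domino code).

A TLS server doing finite-field DH must check that the client's public value
lies in the intended prime-order subgroup.  Without that check a peer can send
a value of tiny order, which confines the shared secret to a handful of
candidates and, over many sessions, leaks information about the server's
private exponent.
"""


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with fixed small bases; sufficient for this demonstration."""
    if n < 2:
        return False
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for sp in small:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in small[:rounds]:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


# Constructed toy safe prime p = 2q + 1 (assumption for the demo only).
P = 2039
Q = (P - 1) // 2
assert is_probable_prime(P) and is_probable_prime(Q)


def validate_dh_public_value(y, p, q):
    """Return (ok, reason) for a peer's DH public value y over safe prime p.

    The two checks together reject every element of order 1, 2 and 2q, so
    an accepted value always lies in the prime-order-q subgroup.
    """
    if not isinstance(y, int):
        return False, "not an integer"
    if y <= 1 or y >= p - 1:
        return False, "out of range: must satisfy 1 < y < p-1"
    if pow(y, q, p) != 1:
        return False, "not in the prime-order subgroup"
    return True, "ok"


def multiplicative_order(y, p):
    """Order of y mod p by brute force (only practical for the toy prime)."""
    k, acc = 1, y % p
    while acc != 1:
        acc = (acc * y) % p
        k += 1
    return k


def shared_secret_candidates(y, p):
    """All values the shared secret y^x mod p can take, whatever the private x."""
    return {pow(y, x, p) for x in range(multiplicative_order(y, p))}


# Smallest element outside the order-q subgroup (a quadratic non-residue
# has order 2q in a safe-prime group).
NON_SUBGROUP_ELEMENT = next(y for y in range(2, P) if pow(y, Q, P) != 1)
# A square is always inside the order-q subgroup, so this is a valid value.
GOOD_PUBLIC_VALUE = pow(4, 123, P)

if __name__ == "__main__":
    samples = [("y = 1", 1), ("y = p-1", P - 1),
               ("non-residue", NON_SUBGROUP_ELEMENT),
               ("good value", GOOD_PUBLIC_VALUE)]
    for label, y in samples:
        ok, why = validate_dh_public_value(y, P, Q)
        print(f"{label:12} -> {'accept' if ok else 'reject'} ({why})")
    # With y = p-1 the shared secret can only be 1 or p-1.
    print("candidates for y = p-1:", sorted(shared_secret_candidates(P - 1, P)))
```

The range check alone is not enough: p-1 is excluded by it, but a quadratic non-residue passes the range check and still sits outside the order-q subgroup, which is why the exponentiation check `y^q mod p == 1` is needed as well. Servers that skip it, as the bulletin describes for affected Domino releases, accept public values that shrink the shared-secret space for that session.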
