Security Bulletin: IBM Domino TLS server Diffie-Hellman key validation vulnerability (CVE-2016-6087)
Daniel Nashed – 1 June 2017 05:27:46
There is a vulnerability in the TLS stack that could be exploited, leading to a less secure connection. The good news is that the fix is already included in FP8, so you should upgrade to 9.0.1 FP8 if you have a public-facing Domino server with HTTPS.
See the details and reference below.
-- Daniel
A vulnerability in the IBM Domino TLS server's Diffie-Hellman parameter validation could potentially be exploited in a small subgroup attack which could result in a less secure connection.
An attacker may be able to exploit this vulnerability to obtain user authentication credentials.
Vulnerability Details
CVEID: CVE-2016-6087 / DESCRIPTION: IBM Domino could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation.
CVE-2016-6087 is tracked as SPR# DKEN9WGMYE.
http://www.ibm.com/support/docview.wss?uid=swg22002808
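The bulletin does not say which check Domino's TLS server was missing. As an added example (not IBM's code, and not part of the original bulletin), the Python below shows the kind of validation a Diffie-Hellman peer value needs to rule out small subgroup confinement. The toy group and all function names are assumptions made for illustration.

```python
# Constructed toy parameters, far too small for real use:
# p = 31 is prime, p - 1 = 2 * 3 * 5, and g = 2 generates the
# subgroup of prime order q = 5 (2^5 mod 31 == 1).
P, Q, G = 31, 5, 2


def range_check_only(y, p):
    """Weak check: rejects only 0, 1, p-1 and out-of-range values."""
    return 2 <= y <= p - 2


def validate_dh_public(y, p, q):
    """Full check: range test plus membership in the order-q subgroup.

    Returns None when y is acceptable, otherwise the rejection reason.
    """
    if not range_check_only(y, p):
        return "out of range"
    if pow(y, q, p) != 1:
        return "not in subgroup of order q"
    return None


def possible_shared_secrets(y, p, q):
    """Count distinct values of y^x mod p over private exponents x in [1, q-1].

    A small count means the negotiated secret is confined to a few values.
    """
    return len({pow(y, x, p) for x in range(1, q)})


if __name__ == "__main__":
    honest = pow(G, 3, P)  # a peer value computed from the real generator
    confined = 5           # constructed value of order 3 (5^3 mod 31 == 1)
    for label, y in (("honest", honest), ("confined", confined), ("p-1", P - 1)):
        print(label, y,
              "range-only:", range_check_only(y, P),
              "full:", validate_dh_public(y, P, Q) or "accepted",
              "secret space:", possible_shared_secrets(y, P, Q))
```

With a safe prime (p = 2q + 1) the range test alone already excludes every small-order element, which is why the subgroup test matters most for groups with a composite cofactor like the one constructed here.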