Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed

Security Bulletin: IBM Domino TLS server Diffie-Hellman key validation vulnerability (CVE-2016-6087)

Daniel Nashed – 1 June 2017 05:27:46
There is a vulnerability in the TLS stack that could be exploited, resulting in a less secure connection.
The good news is that the fix is already included in FP8, so you should upgrade to 9.0.1 FP8 if you have a public-facing Domino server with HTTPS.

See the details and reference below.

-- Daniel

A vulnerability in the IBM Domino TLS server's Diffie-Hellman parameter validation could potentially be exploited in a small subgroup attack which could result in a less secure connection.
An attacker may be able to exploit this vulnerability to obtain user authentication credentials.

Vulnerability Details

CVEID: CVE-2016-6087
DESCRIPTION: IBM Domino could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation.

CVE-2016-6087 is tracked as SPR# DKEN9WGMYE.
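
The bulletin does not describe the missing check or the fix itself. As a general illustration of what validating a peer's Diffie-Hellman public value against small subgroup confinement involves, here is an added example (not IBM's or Domino's code); the toy group, the sample values and all function names are constructed assumptions.

```python
# Added example: generic DH public value validation, not Domino's implementation.
# Toy group constructed for illustration; far too small for real use.
P = 67  # prime modulus; P - 1 = 2 * 3 * 11, so small subgroups exist
Q = 11  # prime order of the subgroup the protocol is meant to use
G = 64  # generator of the order-Q subgroup (2**6 mod 67)


def validate_dh_public(y: int, p: int = P, q: int = Q) -> bool:
    """Return True only if y is a usable member of the order-q subgroup mod p."""
    # Range check: rejects 0, 1, p - 1 and anything not reduced mod p.
    if not 2 <= y <= p - 2:
        return False
    # Subgroup check: elements of small order (here 2, 3, 6) fail this test.
    return pow(y, q, p) == 1


def shared_secret(peer_public: int, private: int, p: int = P, q: int = Q) -> int:
    """Derive the DH shared secret, refusing unvalidated peer values."""
    if not validate_dh_public(peer_public, p, q):
        raise ValueError("peer DH public value failed validation")
    return pow(peer_public, private, p)


def distinct_secrets(peer_public: int, p: int = P, q: int = Q) -> int:
    """Count the secrets an unvalidated exchange could yield over all private keys."""
    return len({pow(peer_public, x, p) for x in range(1, q)})


if __name__ == "__main__":
    honest = pow(G, 5, P)   # a well-formed public value
    confined = 37           # constructed value of order 3 in this toy group
    for label, y in (("honest", honest), ("order-3", confined)):
        print(label, y, "valid:", validate_dh_public(y),
              "possible secrets:", distinct_secrets(y))
```

With a safe prime (p = 2q + 1) the only small-order values are 1 and p - 1, so the range check alone already excludes them.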


