Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-37495

Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Groups tab in the Domino® Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers with access to the hashed value to determine a user's password, e.g. using a brute force attack. This issue does not impact Person documents created through user registration https://help.hcltechsw.com/domino/10.0.1/admin/conf_userregistration_c.html .

Published

2024-02-29T01:40:04.220

Last Modified

2025-05-08T16:56:18.013

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hcltech	domino	< 14.0	Yes

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107585 Vendor Advisory ([email protected])
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107585 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)