CVE-2006-5835

The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.

Published: Nov 10, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5835
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ibm / lotus_notes	6.5.2	6.5.2.x
ibm / lotus_notes	6.0	6.0.x
ibm / lotus_notes	6.0.1	6.0.1.x
ibm / lotus_notes	5.0.3	5.0.3.x
ibm / lotus_notes	5.0.12	5.0.12.x
ibm / lotus_notes	6.0.2	6.0.2.x
ibm / lotus_notes	7.0	7.0.x
ibm / lotus_notes	6.0.4	6.0.4.x
ibm / lotus_notes	6.5.4	6.5.4.x
ibm / lotus_notes	6.5.1	6.5.1.x
ibm / lotus_notes	6.0.5	6.0.5.x
ibm / lotus_notes	6.5	6.5.x
ibm / lotus_notes	7.0.1	7.0.1.x
ibm / lotus_notes	6.5.3	6.5.3.x
ibm / lotus_notes	6.0.3	6.0.3.x
ibm / lotus_notes	6.5.5	6.5.5.x

http://secunia.com/advisories/22741
http://securitytracker.com/id?1017203
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026
http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf
http://www.securityfocus.com/bid/20960
http://www.vupen.com/english/advisories/2006/4411
https://exchange.xforce.ibmcloud.com/vulnerabilities/30118

Vulnerability Database

289,697

CVE-2006-5835