CVE-2007-0977

Name of the Vulnerable Software and Affected Versions: IBM Lotus Domino versions R5 and R6

Description: The issue affects IBM Lotus Domino R5 and R6 WebMail when "Generate HTML for all fields" is enabled. It stores HTTPPassword hashes from names.nsf in a manner that allows access through Readviewentries and OpenDocument requests to the defaultview view.

Recommendations: For IBM Lotus Domino versions R5 and R6, consider disabling the "Generate HTML for all fields" option as a temporary workaround to minimize the risk of exploitation. Restrict access to the names.nsf file and defaultview view to prevent unauthorized access to HTTPPassword hashes.