Ibm · Ibm Lotus Domino Web Access · CVE-2006-4763
**Name of the Vulnerable Software and Affected Versions**
IBM Lotus Domino Web Access (DWA) version 7.0.1
**Description**
The issue allows remote attackers to obtain a user's privileges by intercepting the `LtpaToken` cookie, as the client's Lightweight Third-Party Authentication token does not expire upon logout.
**Recommendations**
For version 7.0.1, consider implementing a logout mechanism that properly expires the `LtpaToken` cookie to prevent unauthorized access. As a temporary workaround, restrict access to sensitive resources that rely on the `LtpaToken` for authentication until a proper fix is applied.