CVE-2006-4763

Name of the Vulnerable Software and Affected Versions IBM Lotus Domino Web Access (DWA) version 7.0.1

Description The issue allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie, as the client's Lightweight Third-Party Authentication token does not expire upon logout.

Recommendations For version 7.0.1, consider implementing a logout mechanism that properly expires the LtpaToken cookie to prevent unauthorized access. As a temporary workaround, restrict access to sensitive resources that rely on the LtpaToken for authentication until a proper fix is applied.