2006-09-13 23:00:00
mitre
PUBLISHED
IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a clients Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a users privileges by intercepting the LtpaToken cookie.