The IBM Notes Traveler application for Android does not enforce the use of HTTPS for transmitting user credentials, which can allow an attacker to obtain this information.
IBM Notes Traveler (formerly known as Lotus Notes Traveler) is an application that allows access to email, calendar, and contacts from mobile devices and tablets.
CWE-319: Cleartext Transmission of Sensitive Information
An attacker with access to network traffic can obtain user credentials for IBM Notes.
Apply an update
This vulnerability was reported by Will Dormann of the CERT/CC.
|Date First Published:||2014-11-07|
|Date Last Updated:||2014-11-13 14:51 UTC|