Multiple vulnerabilities in IBM Lotus Mobile Connect

A weakness and two vulnerabilities have been reported in IBM Lotus Mobile Connect, according to Secunia. These can be exploited by malicious people with physical access to bypass certain security restrictions and malicious people to cause a Denial of Service.

1. The weakness is caused due to the Connection Manager not properly deleting the LTPA token for a session after the user logs off via the “Logoff” button, which can be exploited to bypass the authentication.

Successful exploitation requires that the attacker has e.g. access to an unattended client.

2. The Connection Manager does not properly handle failed connection attempts to the HTTP-TCP based Mobile Network Connections (MNC), which can be exploited to e.g. cause an out-of-memory condition, resulting in a crash.

3. An error exists within the reference counter of the Connection Manager when handling repeated logons with the same VPN ID, which can be exploited to desynchronize the reference counter of active sessions, leading to an exhaustion of e.g. all available dynamic IP addresses.

IBM has provided online fixes for version 6.1.4 for all these issues.