Security Vulnerability - GroupWise WebAccess Potentially Exposes Authentication Information

  • 7006373
  • 30-Jun-2010
  • 11-Apr-2014


Novell GroupWise 7
Novell GroupWise 8
Novell GroupWise WebAccess


Under certain circumstances, parameters passed to GroupWise WebAccess could potentially expose authentication information in the user's web browser.

Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04
GroupWise 8.0, 8.01x

This vulnerability was discovered and reported by Kevin Lynn of The George Washington University (

Novell bug 576308, CVE-2010-2776


To resolve this issue:
For GroupWise 8.0 systems, apply GroupWise 8.0 Support Pack 2 (or later).
For GroupWise 7 systems, apply the GroupWise 7.0 post-SP4 Field Test File (FTF)


Security Alert