Webmail opens hole in IBM Lotus Domino

SearchSecurity.com Staff
Attackers could obtain users' password hashes, password change dates and other sensitive information by exploiting a security hole in IBM Lotus Domino. The problem, IBM said in an advisory, is that the Webmail component includes a user's password information in HTML hidden fields when the user's entry is viewed in the public address book, so an attacker can read that information for other users by viewing the HTML source code. The flaw affects versions 5.0, 6.0 and 6.5. One solution is to reconfigure Domino so that it stores users' passwords as salted hashes and does not include password hashes in HTML hidden fields.
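
A defender-side check for the leak described above, added here as an example and not taken from IBM's advisory: it scans a rendered page for hidden form fields whose name or value suggests password data. The field names, regular expressions and sample HTML are constructed assumptions, not Domino's actual markup.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics (not from the advisory): names hinting at password
# data, and values shaped like a hex digest, optionally parenthesised.
SUSPECT_NAME = re.compile(r"pass(word|wd)?|pwd|digest|hash", re.I)
DIGEST_VALUE = re.compile(r"^\(?[0-9A-Fa-f]{32,128}\)?$")

class HiddenFieldAuditor(HTMLParser):
    """Collects hidden <input> fields that appear to carry password data."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (field name, reasons); values are never stored

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() != "hidden":
            return
        name, value = a.get("name", ""), a.get("value", "").strip()
        reasons = []
        if value and SUSPECT_NAME.search(name):
            reasons.append("name")
        if DIGEST_VALUE.match(value):
            reasons.append("digest-like value")
        if reasons:
            self.findings.append((name, reasons))

def audit(html):
    """Return flagged hidden fields for one rendered page."""
    parser = HiddenFieldAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample of an address-book entry page.
SAMPLE = """
<form>
<input type="text" name="FullName" value="Jane Doe">
<input type="hidden" name="UserPasswordHash" value="(0123456789ABCDEF0123456789ABCDEF)">
<input type="hidden" name="PasswordChangeDate" value="01/02/2005">
<input type="hidden" name="Token" value="d41d8cd98f00b204e9800998ecf8427e">
<input type="hidden" name="ViewName" value="People">
</form>
"""

if __name__ == "__main__":
    for field, why in audit(SAMPLE):
        print(f"hidden field {field!r} flagged: {', '.join(why)}")
```

Running it over pages fetched as an ordinary authenticated user, before and after the reconfiguration, shows whether the hidden fields are still being emitted.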

This story originally appeared on SearchSecurity.com

