Webmail opens hole in IBM Lotus Domino

Attackers could obtain users' password hashes, change dates and other sensitive information by exploiting a security hole in IBM Lotus Domino 5.0, 6.0, and 6.5.

Attackers could obtain users' password hashes, change dates and other sensitive information by exploiting a security hole in IBM Lotus Domino. The problem, IBM said in an advisory, is that the Webmail component includes a user's password information in HTML hidden fields when the user's entry is viewed in the public address book. Attackers could access other users' password hashes, password change dates, and other sensitive information...

by viewing the HTML source code. This affects versions 5.0, 6.0, and 6.5. One solution is to reconfigure Domino so it will store users' passwords using salted hashes and not include users' password hashes in HTML hidden fields.

This story originally appeared on SearchSecurity.com

Dig deeper on Lotus Notes Domino Security

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWinIT

Search400

  • iSeries tutorials

    Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...

SearchEnterpriseLinux

SearchVirtualDataCentre.co.UK

Close