Attackers could obtain users' password hashes, change dates and other sensitive information by exploiting a security hole in IBM Lotus Domino. The problem, IBM said in an advisory, is that the Webmail component includes a user's password information in HTML hidden fields when the user's entry is viewed in the public address book. Attackers could access other users' password hashes, password change dates, and other sensitive information by viewing the HTML source code. This affects versions 5.0, 6.0, and 6.5. One solution is to reconfigure Domino so it will store users' passwords using salted hashes and not include users' password hashes in HTML hidden fields.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
This story originally appeared on SearchSecurity.com