Re: Password cracking / recovery Lotus Notes R6

[AdamT <adwulf () gmail com>]

On 11/28/05, Francois Labreque <flabreq () ca ibm com> wrote:

> > Can't you just sniff them off the wire?
>
> Lotus Notes traffic and passwords and encrypted on the wire.
The Notes 'internet password' is stored encrypted, but if it's being
used to access a POP3/IMAP mailbox, or HTTP daemon or suchlike which
isn't encrypted, the password will be cleartext.  This isn't the
password for the .id files, but it will let you effectively 'be' that
user for whichever services like that are enabled.

--
AdamT
"Maidenhead is *not* in Kent"

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------