Penetration Testing mailing list archives
Re: Lotus 1352 NRPC Encryption
From: Chris.McGinley () sungard com
Date: Thu, 20 Dec 2007 15:30:58 -0500
Domino has a vulnerability in that it allows Notes clients without ID files to enter their name and ask for the ID file. You can use the Notes client (new setup) to manually test this; just point to the server and specify your username. Notes will grab the ID file if it exists...you'll have to intercept it from your Notes data directory and crack its password. It can be scripted with Perl as well, but I've not seen a tool publicly available to exploit it. -Chris Clone <c70n3 () yahoo co in> 12/20/2007 03:38 AM To Chris.McGinley () sungard com cc pen-test () securityfocus com Subject Re: Lotus 1352 NRPC Encryption Hmm.. we are doing a blacbox pen test .. we do not have a test username or password or ID file.. in such a scenario how can we use the Notes client to get this info? --- Chris.McGinley () sungard com wrote:
NRPC encryption is configured by the Notes client, not the server. -Chris Clone <c70n3 () yahoo co in> Sent by: listbounce () securityfocus com 12/18/2007 11:39 PM To pen-test () securityfocus com cc Subject Lotus 1352 NRPC Encryption Hello All, Is there a way to find out anonymously whether port 1352 of Lotus Notes NRPC service uses encryption mechanisms or not? Good day. Share files, take polls, and discuss your passions - all under one roof. Go to http://in.promos.yahoo.com/groups
------------------------------------------------------------------------
This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads
------------------------------------------------------------------------
Explore your hobbies and interests. Go to http://in.promos.yahoo.com/groups ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Lotus 1352 NRPC Encryption Clone (Dec 18)
- <Possible follow-ups>
- Re: Lotus 1352 NRPC Encryption Clone (Dec 20)
- Re: Lotus 1352 NRPC Encryption Chris . McGinley (Dec 20)