Bugtraq mailing list archives

Re: Lotus Domino: security hole the size of Texas, plus somewhat smaller protocol auditing utility

From: paolo_armando () CEDATI COM
Date: Wed, 10 Jan 2001 10:15:17 -0000

[snip]
ANY AUTHORIZED USER OF LOTUS DOMINO

MAIL SYSTEM CAN GAIN UNAUTIORIZED

ACCESS TO *ANY* MAILBOX IN THE SYSTEM BY

MODIFYING THE TRAFFIC BETWEEN HIS

CLIENT AND DOMINO SERVER OR BY

MODIFYING CLIENT SOFTWARE ITSELF.

[snip]

no, you are wrong. in the standard install everyone 
can read public documents (not mail) in the mail user 
db. for more info , go to : 
http://www.notes.net/46dom.nsf/df537c4a2ff2611f852
5689c005c6bf2/db3e837e8e9970c8852569d00032a2
2d!OpenDocument

Current thread:

Lotus Domino: security hole the size of Texas, plus somewhat smaller protocol auditing utility Michal Zalewski (Jan 08)
- Re: Lotus Domino: security hole the size of Texas, plus somewhat smaller protocol auditing utility Andreas Siegert (Jan 10)
- <Possible follow-ups>
- Re: Lotus Domino: security hole the size of Texas, plus somewhat smaller protocol auditing utility Michal Zalewski (Jan 08)
- Re: Lotus Domino: security hole the size of Texas, plus somewhat smaller protocol auditing utility paolo_armando (Jan 10)