Firewall Wizards mailing list archives
Re: Lotus Domino as an access control to internal network
From: Aleph One <aleph1 () dfw net>
Date: Fri, 6 Mar 1998 11:09:53 -0600 (CST)
On Thu, 5 Mar 1998, Rik Farrow wrote:
> Aleph One <aleph1 () dfw net> may have written:
>
>> The password only unlocks your RSA key. The session key is used to exchange a randomly generated session key. There is no need for one time passwords.
>
> True enough. But when I last looked at Notes (about 8 months ago), I learned that Notes permits password guessing, adding a 30 second delay with each failed attempt, but no lockout and no logging. Guessing the password using a dictionary attempt doesn't get you into Notes because RSA is also used. However, users typically maintain the same password everywhere they login. So using a Notes server to guess a user's password might provide access to other servers as well (for example, terminal servers with internal network access, but lockouts on password guessing).

Your statement does not make sense. How are you planning to guess the password using a dictionary attack unless you also have the user's USER.ID files? And if you have the USER.ID file and do guess the password you have already broken in.

> Regards, Rik

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01