Vulnerability Development mailing list archives
RE: Lotus Domino password bypass
From: "Jens H. Christensen" <jens.christensen () vigilante com>
Date: Mon, 4 Feb 2002 12:38:47 -0500
As I see it, you do not bypass any ACL or password verification. You only gain access to the templates - providing the acl allows anonymous access. The same thing can be achieved by referencing the template by its replica-id (http://www.securityfocus.com/bid/3491) The whole issue is the way Domino maps the file extension to a physical path. Furthermore the use of buffer truncation to access templates, have already been pointed out by NGSSoftware (http://www.nextgenss.com/papers/hpldws.pdf, page 10). Since templates (usually) only contains design elements and no data, they are (usually) of limited interest. However, there might be some interesting functionality (webadmin.ntf) or information in the template. But you're still only running as anonymous, and that will most likely prevent you from doing any of the 'juicy' stuff. Jens H. Christensen -----Original Message----- From: Gabriel A. Maggiotti [mailto:gmaggiot () ciudad com ar] Sent: 4. februar 2002 05:00 To: vuln-dev () securityfocus com; bugtraq () securityfocus com Subject: Lotus Domino password bypass
Current thread:
- RE: Lotus Domino password bypass Jens H. Christensen (Feb 04)
- <Possible follow-ups>
- Re: Lotus Domino password bypass David Litchfield (Feb 04)
- Lotus Domino password bypass Red Wolf (Feb 04)