Vulnerability Development mailing list archives

Lotus Domino password bypass

From: "Red Wolf" <red.wolf () onebox com>
Date: Mon, 04 Feb 2002 13:49:40 -0500

Short term fix...

Create a URL ---> Redirect URL
IP Address  (leave blank)
Incoming URL path : */*.ntf*
Redirection URL string : http://www.your_home_page_here.com

Was there any attempt to notify Lotus?

RedWolf

---------------------------------------------------------------------Web:
 http://qb0x.net                               Author: GabrielA.
Maggiotti
Date: Febrary 03, 2002                              E-mail:
gmaggiot () ciudad com ar
---------------------------------------------------------------------Summary
-------
A security vulnerability has been found in the popular Lotus Domino Web
server. Lotus Domino have files like webadmin.nsf, log.nsf and names.nfs,
 this files are protected by password.  I discover that is posible to
bypass this password if you create a malformed url....

__________________________________________________
FREE voicemail, email, and fax...all in one place.
Sign Up Now! http://www.onebox.com

Current thread:

RE: Lotus Domino password bypass Jens H. Christensen (Feb 04)
- <Possible follow-ups>
- Re: Lotus Domino password bypass David Litchfield (Feb 04)
- Lotus Domino password bypass Red Wolf (Feb 04)