[3995] in WWW Security List Archive


Re: Lotus Notes Tender System

daemon@ATHENA.MIT.EDU (Charlie_Kaufman/Iris.IRIS@iris.com)
Wed Jan 15 22:39:20 1997

From: Charlie_Kaufman/Iris.IRIS@iris.com
To: THunterD@aol.com
Cc: linehan@watson.ibm.com, mprice@pwd.nsw.gov.au,
        Www-Security@ns2.rutgers.edu
Date: 15 Jan 97 19:49:27 EDT
Errors-To: owner-www-security@ns2.rutgers.edu

>Lotus Notes stores your password
>in an ID file.  The password remains with that ID file and not on the server.
> Therefore, if I can compromise your password and get a copy of your ID file
>I can have permanent access to your lotus notes database.   To make matters
>worse, the user can choose to either have a password or not.  This option is
>configurable at the client, so it is feasible that users may not even require
>a password.  Additionally, some of the basic security administration
>functions are not available on Notes.  Activities such as reviewing invalid
>access attempts are not part of Notes. 

Lotus Notes does not store your password in an ID file. Rather, it uses your 
password as a key to decrypt your RSA private key that resides in the ID file. 
The RSA private key is used in client/server authentication. When an ID file is 
created, the system administrator can assign a minimum password length. If the 
length is zero, the user may if he chooses remove password protection from his 
ID file and be completely exposed to someone who steals it. Even if there is a 
minimum password length of eight characters (a common default), there is 
nothing to prevent a user from using the password "password", with roughly 
equal security to having none.

Until release 4.5, which just came out a few weeks ago, if anyone got a copy of 
your ID file and the corresponding password, they could impersonate you 
indefinitely. This is because when you change your password it does not change 
your private key and therefore servers would continue to accept authentication 
from the old ID file/password. Starting with release 4.5, one can configure 
servers to check both private keys and user passwords so that if you change 
your password any old copies of the ID file will become unusable for 
authenticating to servers.

Notes can audit failed access attempts, but an incorrectly entered password is 
not a failed access attempt. Using a password to decrypt an ID file is an 
entirely local operation that frequently takes place on a disconnected laptop. 
There is no way to effectively audit failed attempts. Notes does have a time 
delay backup so that if you try a dictionary full of passwords against an ID 
file through Notes, it will quickly start taking 30 seconds per failed attempt. 
Someone could, of course, reverse engineer the Notes encryption algorithm and 
write their own program that did not have such a delay. The precise format of 
ID files is undocumented to deter such attempts.

 --Charlie Kaufman
 (charlie_kaufman@iris.com)
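The mechanism Kaufman describes (password decrypts a private key held in the ID file, so a password change alone does not invalidate a stale copy unless the server also checks the password) can be shown in a small model. The code below is an added example written for this archive page; it is not Lotus code and does not reflect the real, undocumented ID file format. It assumes PBKDF2-SHA256 as the password-to-key step, XOR with the derived key as the wrapping, an HMAC challenge/response standing in for the RSA authentication, and a server-side password digest standing in for the release 4.5 password check; all of those are modelling choices, not facts from the post.

```python
"""Toy model of a password-protected ID file (added example, not Lotus code).

Assumed for the model: PBKDF2-SHA256 derives the key-encryption key, XOR with
that key wraps the private key, HMAC challenge/response stands in for RSA
authentication, and a server-held password digest stands in for the 4.5 check.
"""
import hashlib
import hmac
import os

ITERATIONS = 50_000   # PBKDF2 work factor (assumed value for the model)
KEY_LEN = 32          # length of the modelled private key in bytes


def derive_kek(password: str, salt: bytes) -> bytes:
    """Turn the password into a key-encryption key; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=KEY_LEN)


def make_id_file(password: str, private_key: bytes) -> dict:
    """Wrap private_key under the password. The file holds only salt, ciphertext and a tag."""
    salt = os.urandom(16)
    kek = derive_kek(password, salt)
    wrapped = bytes(k ^ p for k, p in zip(private_key, kek))
    tag = hmac.new(kek, wrapped, "sha256").digest()   # lets the client detect a wrong password
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unlock_id_file(id_file: dict, password: str):
    """Return the private key, or None if the password does not decrypt the file."""
    kek = derive_kek(password, id_file["salt"])
    expected_tag = hmac.new(kek, id_file["wrapped"], "sha256").digest()
    if not hmac.compare_digest(expected_tag, id_file["tag"]):
        return None   # wrong password: purely local failure, nothing for a server to audit
    return bytes(c ^ p for c, p in zip(id_file["wrapped"], kek))


def change_password(id_file: dict, old_password: str, new_password: str) -> dict:
    """Re-wrap the SAME private key under a new password; the key itself does not change."""
    key = unlock_id_file(id_file, old_password)
    if key is None:
        raise ValueError("old password does not unlock the ID file")
    return make_id_file(new_password, key)


def password_digest(password: str) -> bytes:
    """Digest the server keeps in the user's record (models the release 4.5 password check)."""
    return hashlib.sha256(b"server-password-digest:" + password.encode()).digest()


def server_authenticate(record: dict, client_key: bytes, client_password: str,
                        check_password: bool) -> bool:
    """Challenge/response on the key; optionally also require the current password digest.

    Simplification: the server record holds the same symmetric key the client
    holds. With RSA the server would hold only the public key; the logic is the same.
    """
    challenge = os.urandom(16)
    response = hmac.new(client_key, challenge, "sha256").digest()
    expected = hmac.new(record["key"], challenge, "sha256").digest()
    if not hmac.compare_digest(response, expected):
        return False
    if check_password and not hmac.compare_digest(
            record["pw_digest"], password_digest(client_password)):
        return False
    return True


def stale_copy_survives_password_change(check_password: bool) -> bool:
    """Scenario from the post: a copy of the ID file plus the old password, after a change."""
    private_key = os.urandom(KEY_LEN)
    original = make_id_file("original-passphrase", private_key)
    stale_copy = dict(original)            # copy of the file taken before the password change
    stale_password = "original-passphrase"

    updated = change_password(original, "original-passphrase", "new-and-different")
    server_record = {"key": private_key, "pw_digest": password_digest("new-and-different")}

    # The legitimate user keeps working with the updated file and the new password.
    assert server_authenticate(server_record, unlock_id_file(updated, "new-and-different"),
                               "new-and-different", check_password)

    # The stale copy still yields the unchanged private key; only the password check blocks it.
    key_from_stale_copy = unlock_id_file(stale_copy, stale_password)
    return server_authenticate(server_record, key_from_stale_copy, stale_password, check_password)


if __name__ == "__main__":
    print("pre-4.5 behaviour (key only):     stale copy accepted =",
          stale_copy_survives_password_change(check_password=False))
    print("4.5 behaviour (key + password):   stale copy accepted =",
          stale_copy_survives_password_change(check_password=True))
```

Run as-is, the model reports that the stale copy is accepted when the server checks only the key and rejected when it also checks the password digest, which is the difference between the pre-4.5 and 4.5 configurations the post describes. The `unlock_id_file` failure path also illustrates the audit point: a wrong password fails inside the client with no server round trip, so the only place a brute-force delay can live is the client itself.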

