[24110] in bugtraq
Lotus Domino password bypass
daemon@ATHENA.MIT.EDU (Red Wolf)
Mon Feb 4 20:24:39 2002
Date: Mon, 04 Feb 2002 13:49:40 -0500
From: "Red Wolf" <red.wolf@onebox.com>
To: vuln-dev@securityfocus.com, bugtraq@securityfocus.com
Cc: gmaggiot@ciudad.com.ar
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Message-Id: <20020204184940.GVUN29423.mta06.onebox.com@onebox.com>
Short term fix...
Create a URL ---> Redirect URL
IP Address (leave blank)
Incoming URL path : */*.ntf*
Redirection URL string : http://www.your_home_page_here.com
Was there any attempt to notify Lotus?
RedWolf
---------------------------------------------------------------------
Web: http://qb0x.net
Author: Gabriel A. Maggiotti
Date: February 03, 2002
E-mail: gmaggiot@ciudad.com.ar
---------------------------------------------------------------------
Summary
-------
A security vulnerability has been found in the popular Lotus Domino Web
server. Lotus Domino has files like webadmin.nsf, log.nsf and names.nfs;
these files are protected by password. I discovered that it is possible to
bypass this password if you create a malformed URL....
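A log check to accompany the redirect rule above, as an added example that is not part of the original post or of Lotus's tooling: it flags past requests whose path matches the same `*/*.ntf*` pattern. The Common Log Format layout, the function names, and the case-insensitive, percent-decoded matching are assumptions made here so that encoded variants are not missed; the sample log lines are constructed.

```python
import re
from fnmatch import fnmatchcase
from urllib.parse import unquote, urlsplit

# Same glob the post gives for the redirect rule's "Incoming URL path".
RULE_PATTERN = "*/*.ntf*"

# Common Log Format: client, identity, user, [time], "METHOD target PROTO", status.
# (The log layout is an assumption; adjust the regex to the server's real format.)
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')


def normalize(target):
    """Return the lower-cased, percent-decoded path and query of a request target."""
    parts = urlsplit(target)
    path = parts.path + ("?" + parts.query if parts.query else "")
    # Decode twice so single and double percent-encoding both collapse.
    for _ in range(2):
        path = unquote(path)
    return path.lower()


def matches_rule(target, pattern=RULE_PATTERN):
    """True if the normalized target falls under the redirect rule's glob."""
    return fnmatchcase(normalize(target), pattern)


def flag_requests(lines):
    """Return (client, target, status) for each log line the rule would cover."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and matches_rule(m.group(3)):
            hits.append((m.group(1), m.group(3), int(m.group(4))))
    return hits


# Constructed sample log lines (not from the post); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Feb/2002:13:50:01 -0500] "GET /homepage.nsf HTTP/1.0" 200 5120',
    '192.0.2.44 - - [04/Feb/2002:13:50:07 -0500] "GET /example.ntf HTTP/1.0" 200 880',
    '192.0.2.44 - - [04/Feb/2002:13:50:09 -0500] "GET /dir/EXAMPLE%2ENTF?OpenView HTTP/1.0" 302 0',
    '192.0.2.10 - - [04/Feb/2002:13:50:12 -0500] "GET /images/logo.gif HTTP/1.0" 200 2040',
]

if __name__ == "__main__":
    for client, target, status in flag_requests(SAMPLE_LOG):
        print(f"{client} requested {target} -> HTTP {status}")
```

A 200 status on a flagged line from before the rule was in place is worth reviewing; after the rule is active, flagged requests should show the redirect status instead.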