IBM Lotus Notes multiple disclosures of password hashes

To: "bugtraq" <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: IBM Lotus Notes multiple disclosures of password hashes
From: "Shalom Carmel" <shalom@xxxxxxxxxx>
Date: Sat, 20 Aug 2005 04:54:01 +0300
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Summary
========

A vulnerability describing password hashes disclosure in Domino

webmail was published in July 2005.A further test revealed disclosed

password hashes in the Lotus Notes client and in Domino LDAP.


Details
=======
Lotus Notes client can be used to access the Notes Address Book (NAB).

The Notes password digest is revealed on the Administration

tab of an arbitrary person's entry.

The "PasswordDigest" and "HTTPPassword" fields are revealed in the NAB
entry's document properties.

Domino LDAP also reveals the values of "PasswordDigest" and "HTTPPassword" .


Vulnerable versions:
===================
All versions


Full details with examples can be found at
http://www.venera.com/downloads/Lotus_password_disclosures.pdf


Shalom Carmel
-------------------
www.venera.com - Exposing iSeries insecurity

Prev by Date: Vul in MyBB
Next by Date: Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection
Previous by thread: Vul in MyBB
Next by thread: Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection
Index(es):
- Date
- Thread