CIA Security Research, Security Alerts, Security Tools for Application Security

- Top Vulnerabilities

- Resources

- Alerts

- Disclosure Guidelines

- Library Updates

- Cenzic Newsletter

- White Paper Download

CIA RESEARCH

Alerts

[CIA-1030-Alert] Lotus Domino R5/R6 Webmail Discloses hashed passwords to any authenticated user

Summary:

A vulnerability in the Lotus Domino R5/R6 Webmail allows a user to obtain encrypted password hashes for all users. The password hashes can then be subjected to brute force attacks to retrieve user credentials.

Technical Details:

The Lotus Domino Server R5 and R6 Webmail stores encrypted password hashes for Domino users in HTML Hidden fields. Be opening the Lotus address book and viewing the page source in a web browser a user could obtain the Webmail passwords for any user registered in the Domino address book. Once the password hashes are obtained it becomes possible to conduct a dictionary attack against the stored hashes.

Solution:

The vendor has released a workaround to address this problem. The workaround is as follows (quoted from the source advisory)

To hide the HTTP password from the HTML source:
1) Open the $PersonalInheritableSchema subform
(In the designer under Shared Code, Subforms).
2) Find the fields: $dspHTTPPassword and HTTPPassword.
3) In the field properties for both fields, on the hide
tab under “Hide paragram from” check off “Web browsers”.
4) Open the Person form (Under Forms).
5) In the form properties, on the 2nd tab, disable the
option “Generate HTML for all fields”.

For additional information see the following advisory:

Default Configuration Information Disclosurein Lotus Domino (including Password Hashes)

CVE Reference:

GENERIC-MAP-NOMATCH

SecurityTracker Number(s):

1014584

Vendor URL:

www.imb.com

About the Cenzic CIA Team:

Cenzic Intelligent Analysis (CIA) is Cenzic’s research arm that focuses on continuous research for application vulnerabilities. Industry Research, Vulnerability assessment, penetration testing, and security testing — that’s what Cenzic Intelligent Analysis Research is all about. Cenzic has dedicated experts whose sole job is to perform ongoing research to find not only common vulnerabilities but also vulnerabilities found in customer applications and make them available to our customers and to the community at large.

About Cenzic:

Cenzic provides Hailstorm®, the revolutionary enterprise software suite for automated application security assessment and compliance that allows corporations and government organizations to dramatically improve the security of commercial and custom applications. Hailstorm enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and verify compliance with security policies. Benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic’s customers are currently in the financial services and
e-marketplaces sectors. For more information visit www.cenzic.com or call 1-866-4-CENZIC


>	Datasheet: Hailstorm Enterprise ARC
>	Datasheet: Hailstorm Pro
>	Datasheet: Hailstorm Starter
>	Datasheet: Hailstorm Core
>	White Paper: Beyond Simple Vulnerabilities Scanning
>	White Paper: Cross Frame Scripting
>	White Paper: Cenzic Imperative Assessment Plan
>	White Paper: Enabling Security in the Software Development Lifecycle (PDF)