Enumerating users on a Domino webserver

From: nicobat_private
Date: Wed Jan 30 2002 - 08:54:41 PST


    Hi,
    
    During a pen-test against a Domino 5.0.8 webserver, I was able to enumerate valid users.
    
    A simple "GET /mail/toto.nsf HTTP/1.0" redirects to the login page (with a "200 OK" 
    HTTP code) if the user "toto" exists, and a "404 File not Found" is returned if the user 
    doesn't exist.
    This issue can allow a faster brute force attack on HTTP passwords.
    
    
    I have searched the Net for more information about this problem, but I found nothing.
    
    Can the readers reproduce this behaviour?
    Do you see other implications than user enumeration (for social engineering and brute 
    force attacks)?
    
    
    Nicob
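The behaviour described in the post is a response oracle: the server answers 200 for a mail database that exists and 404 for one that does not, so a sweep of /mail/<name>.nsf requests leaves a recognisable pattern in the access log. The script below is an added example, not part of the original post and not Domino's own logging code: it parses constructed Common Log Format lines (the sample traffic and addresses are made up) and flags any client that requests many distinct mail databases with a high share of 404s, which is the signature an administrator would look for when reviewing logs for this kind of probing.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Common Log Format). These are not
# real Domino logs; the 200/404 split mirrors the behaviour reported above.
SAMPLE_LOG = """\
10.0.0.5 - - [30/Jan/2002:08:50:01 -0800] "GET /mail/alice.nsf HTTP/1.0" 200 1834
10.0.0.5 - - [30/Jan/2002:08:50:02 -0800] "GET /mail/bob.nsf HTTP/1.0" 404 212
10.0.0.5 - - [30/Jan/2002:08:50:02 -0800] "GET /mail/carol.nsf HTTP/1.0" 404 212
10.0.0.5 - - [30/Jan/2002:08:50:03 -0800] "GET /mail/dave.nsf HTTP/1.0" 200 1834
10.0.0.5 - - [30/Jan/2002:08:50:03 -0800] "GET /mail/erin.nsf HTTP/1.0" 404 212
10.0.0.5 - - [30/Jan/2002:08:50:04 -0800] "GET /mail/frank.nsf HTTP/1.0" 404 212
10.0.0.5 - - [30/Jan/2002:08:50:04 -0800] "GET /mail/grace.nsf HTTP/1.0" 404 212
10.0.0.5 - - [30/Jan/2002:08:50:05 -0800] "GET /mail/heidi.nsf HTTP/1.0" 404 212
192.168.1.20 - - [30/Jan/2002:08:51:10 -0800] "GET /mail/alice.nsf HTTP/1.0" 200 1834
192.168.1.20 - - [30/Jan/2002:08:51:40 -0800] "GET /mail/alice.nsf/($Inbox)?OpenView HTTP/1.0" 200 5120
"""

# One Common Log Format line: client, identities, timestamp, request, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# A request for a per-user mail database: /mail/<user>.nsf, optionally followed
# by a view or query string. The user segment is everything before ".nsf".
MAILDB_RE = re.compile(r'^/mail/(?P<user>[^/?]+)\.nsf(?:[/?]|$)', re.IGNORECASE)


def parse_line(line):
    """Parse one log line into (ip, path, status); return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("path"), int(m.group("status"))


def mail_db_user(path):
    """Return the user name addressed by a /mail/<user>.nsf request, or None for other paths."""
    m = MAILDB_RE.match(path)
    return m.group("user").lower() if m else None


def find_enumeration(log_text, min_distinct=5, min_miss_ratio=0.5):
    """Flag clients that touch many distinct mail databases with mostly 404 answers.

    Thresholds are illustrative assumptions: a legitimate user normally opens one
    or two mail files and rarely sees a 404, whereas a name sweep touches many
    databases, most of which do not exist.
    """
    per_ip = defaultdict(lambda: {"users": set(), "found": 0, "not_found": 0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, status = parsed
        user = mail_db_user(path)
        if user is None:
            continue
        stats = per_ip[ip]
        stats["users"].add(user)
        if status == 404:
            stats["not_found"] += 1
        elif status == 200:
            stats["found"] += 1

    flagged = {}
    for ip, s in per_ip.items():
        total = s["found"] + s["not_found"]
        if total == 0:
            continue
        miss_ratio = s["not_found"] / total
        if len(s["users"]) >= min_distinct and miss_ratio >= min_miss_ratio:
            flagged[ip] = {
                "distinct_users": len(s["users"]),
                "found": s["found"],
                "not_found": s["not_found"],
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {info['distinct_users']} distinct mail files, "
              f"{info['found']} found, {info['not_found']} not found")
```

In the constructed sample, 10.0.0.5 is flagged (eight distinct names, six of them 404) while 192.168.1.20, which only opens its own mail file, is not. The detection is a stop-gap; the underlying fix is for the server to answer unknown and known database names identically before authentication, so that the status code no longer reveals which accounts exist.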
    



    This archive was generated by hypermail 2b30 : Wed Jan 30 2002 - 09:04:30 PST