Sure do. Excellent tool for enumeration. Same holds true for OWA for exchange. This gives me the ability, over time, to guess out how the usernames are formed, and provides me with an externally available tool for initial password guessing. -----Original Message----- From: nicobat_private [mailto:nicobat_private] Sent: Wednesday, January 30, 2002 8:55 AM To: vuln-devat_private Subject: Enumerating users on a Domino webserver Hi, during a pen-test against a Domino 5.0.8 webserver, I was able to enumerate valid users. A simple "GET /mail/toto.nsf HTTP/1.0" redirects to the login page (with a "200 OK" HTTP code) if the user "toto" exists and a "404 File not Found" is returned if the user doesn't exist. This issue can allow a faster brute force attack on HTTP passwords. I have search the Net for more information about this problem, but I found nothing. Can the readers reproduce this behaviour ? Do you see others implications than users enumeration (for social engineering and brute force attacks) ? Nicob
This archive was generated by hypermail 2b30 : Wed Jan 30 2002 - 09:50:24 PST