Lotus Domino password bypass

From: Red Wolf (red.wolfat_private)
Date: Mon Feb 04 2002 - 10:49:40 PST


    Short term fix...
    
    Create a URL ---> Redirect URL
    IP Address  (leave blank)
    Incoming URL path : */*.ntf*
    Redirection URL string : http://www.your_home_page_here.com
    
    Was there any attempt to notify Lotus?
    
    RedWolf
    
    ---------------------------------------------------------------------
    Web: http://qb0x.net                    Author: Gabriel A. Maggiotti
    Date: February 03, 2002                 E-mail: gmaggiotat_private
    ---------------------------------------------------------------------
    Summary
    -------
    A security vulnerability has been found in the popular Lotus Domino Web
    server. Lotus Domino has files like webadmin.nsf, log.nsf and names.nfs;
    these files are protected by password. I discovered that it is possible to
    bypass this password if you create a malformed URL....
    
    
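A log check to pair with the redirect rule above, as an added example that is not part of the original post: it flags logged requests whose URL matches the rule's `*/*.ntf*` pattern and lists those that were not answered with a redirect. The Common Log Format layout, the "3xx means redirected" test and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase
from urllib.parse import unquote

RULE = "*/*.ntf*"  # incoming URL path pattern from the redirect rule above

# Assumed Common Log Format; adjust to the layout your server actually writes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def normalize(target):
    """Percent-decode until stable, then lower-case, so variants compare equal."""
    prev = None
    while prev != target:
        prev, target = target, unquote(target)
    return target.lower()

def matches_rule(target):
    return fnmatchcase(normalize(target), RULE)

def triage(lines):
    """Return (hits, per_ip): matching requests and the hit count per client."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and matches_rule(m["target"]):
            hits.append((m["ip"], m["target"], int(m["status"])))
            per_ip[m["ip"]] += 1
    return hits, per_ip

def not_redirected(hits):
    """Hits answered with something other than 3xx (assumed: rule not applied)."""
    return [h for h in hits if not 300 <= h[2] < 400]

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [04/Feb/2002:09:50:01 -0800] "GET /homepage.nsf HTTP/1.0" 200 5120',
    '198.51.100.7 - - [04/Feb/2002:09:58:40 -0800] "GET /help/readme.ntf HTTP/1.0" 200 2048',
    '198.51.100.7 - - [04/Feb/2002:10:50:05 -0800] "GET /help/readme.ntf HTTP/1.0" 302 0',
    '203.0.113.5 - - [04/Feb/2002:10:51:12 -0800] "GET /help/README%2ENTF?Open HTTP/1.0" 302 0',
    '192.0.2.10 - - [04/Feb/2002:10:52:30 -0800] "GET /images/logo.gif HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    hits, per_ip = triage(SAMPLE)
    print("requests matching", RULE, "by client:", dict(per_ip))
    for ip, target, status in not_redirected(hits):
        print("NOT redirected:", ip, target, status)
```

Entries reported as not redirected are the ones to review first: they were logged either before the rule was in place or in a form the rule did not catch.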



    This archive was generated by hypermail 2b30 : Mon Feb 04 2002 - 17:24:14 PST