Lotus Notes

From: svetsanj@hotmail.com
Date: Wed Nov 27 2002 - 01:28:07 EST

• Next message: Robert E. Lee: "Re: Terminal Server brute force"
• Previous message: Mathias Wegner: "Re: Cisco UBR920 cable router - SNMP to change telnet passwords?"
• Next in thread: Chad Loder: "Re: Lotus Notes"
• Reply: Chad Loder: "Re: Lotus Notes"
• Reply: M. Zeeshan Mustafa: "Re: Lotus Notes"
• Reply: David Barnett: "Re: Lotus Notes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are doing a penetration testing for a client who has lotus notes. We
were able to access the catalog.nsf file from the web and other admin
pages such as the user list page, connections page database page etc.

Question is, is this just a low level threat or can a hacker use this
info to hack further. Also clicking on some of the admin pages brings up
a default page which says click here to access page. On a notes client
its possible to click that page put not through http. Is there a
workaround url that bypasses that page?

        SKP
        

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Robert E. Lee: "Re: Terminal Server brute force"
• Previous message: Mathias Wegner: "Re: Cisco UBR920 cable router - SNMP to change telnet passwords?"
• Next in thread: Chad Loder: "Re: Lotus Notes"
• Reply: Chad Loder: "Re: Lotus Notes"
• Reply: M. Zeeshan Mustafa: "Re: Lotus Notes"
• Reply: David Barnett: "Re: Lotus Notes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:26 EDT