Lotus Notes

From: svetsanj@hotmail.com
Date: 11/27/02

  • Next message: Robert E. Lee: "Re: Terminal Server brute force"
    From: svetsanj@hotmail.com
    To: pen-test@securityfocus.com
    Date: Wed, 27 Nov 2002 01:28:07 -0500
    
    

    We are doing a penetration testing for a client who has lotus notes. We
    were able to access the catalog.nsf file from the web and other admin
    pages such as the user list page, connections page database page etc.

    Question is, is this just a low level threat or can a hacker use this
    info to hack further. Also clicking on some of the admin pages brings up
    a default page which says click here to access page. On a notes client
    its possible to click that page put not through http. Is there a
    workaround url that bypasses that page?

            SKP
            

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/



    Relevant Pages

    • Re: faster scans? (nmap)
      ... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
      (Pen-Test)
    • Re: pen test help please asap
      ... > Machine A on client site makes a configurable encrypted OUTBOUND ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)
    • Re: ettercap help
      ... Anyways have never tried Ettercap for VNC. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)
    • Re: ettercap help
      ... > I can get it to sniff telnet, ftp, pop, smb, but no vnc. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
      (Pen-Test)
    • Re: Wardialing
      ... >>> achieving the connection with the modem. ... >>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
      (Pen-Test)