Re: Password cracking / recovery Lotus Notes R6

• Previous message: Richard Zaluski: "RE: Password cracking / recovery Lotus Notes R6"
• In reply to: Francois Labreque: "Re: Password cracking / recovery Lotus Notes R6"
• Next in thread: Joachim Schipper: "Re: Password cracking / recovery Lotus Notes R6"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 28 Nov 2005 16:27:07 +0000
To: pen-test@securityfocus.com

On 11/28/05, Francois Labreque <flabreq@ca.ibm.com> wrote:

> >
> > Can't you just sniff them off the wire?
> >
>
> Lotus Notes traffic and passwords and encrypted on the wire.
>
The Notes 'internet password' is stored encrypted, but if it's being
used to access a POP3/IMAP mailbox, or HTTP daemon or suchlike which
isn't encrypted, the password will be cleartext. This isn't the
password for the .id files, but it will let you effectively 'be' that
user for whichever services like that are enabled.

--
AdamT
"Maidenhead is *not* in Kent"
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Previous message: Richard Zaluski: "RE: Password cracking / recovery Lotus Notes R6"
• In reply to: Francois Labreque: "Re: Password cracking / recovery Lotus Notes R6"
• Next in thread: Joachim Schipper: "Re: Password cracking / recovery Lotus Notes R6"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: 3rd party vuln assesment firms ... > "We use the same tools hackers bring to bear against your systems. ... >> I'm looking for a firm to conduct annual 3rd party vulnerability ... Up to 75% of cyber attacks are launched on shopping ... >> your website for vulnerabilities to SQL injection, ... (Pen-Test) RE: 3rd party vuln assesment firms ... > "We use the same tools hackers bring to bear against your systems. ... >> I'm looking for a firm to conduct annual 3rd party vulnerability ... Up to 75% of cyber attacks are launched on shopping ... >> your website for vulnerabilities to SQL injection, ... (Pen-Test) RE: Penetration test of 1 IP address ... Before I do anything very intrusive I personally go to the website ... Also remember once you have found a vulnerability, ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping ... (Pen-Test) Re: Whitespace in passwords ... input password is alphanumeric + special characters -- chances are strong ... >> Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping ... >> your website for vulnerabilities to SQL injection, ... (Pen-Test) Re: Qualys ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ... (Pen-Test)