Hosting Provided By

Lotus Notes

From: <svetsanj(at)hotmail.com>
Date: Wed Nov 27 2002 - 01:28:07 EST

We are doing a penetration testing for a client who has lotus notes. We were able to access the catalog.nsf file from the web and other admin pages such as the user list page, connections page database page etc.

Question is, is this just a low level threat or can a hacker use this info to hack further. Also clicking on some of the admin pages brings up a default page which says click here to access page. On a notes client its possible to click that page put not through http. Is there a workaround url that bypasses that page?

SKP

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Wed Nov 27 13:45:49 2002

This message: [ Message body ]
Next message: Robert E. Lee: "Re: Terminal Server brute force"
Previous message: Mathias Wegner: "Re: Cisco UBR920 cable router - SNMP to change telnet passwords?"
Next in thread: Chad Loder: "Re: Lotus Notes"
Reply: Chad Loder: "Re: Lotus Notes"
Reply: M. Zeeshan Mustafa: "Re: Lotus Notes"
Reply: David Barnett: "Re: Lotus Notes"
Reply: Grant Torresan: "Re: Lotus Notes"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT