|
-
December 5th, 2005, 10:36 PM
#1
Lotus Notes Password Hash
Hello,
I had an interesting discussion today I would like to share to see if anyone has seen this before.
It seems in "names.nsf" file on a Notes server, the password hashes of the users listed can be seen. This can be done in numerous ways:
- By looking at the names.nsf in a browser window
- By looking at the source of names.nsf in an editor
- By looking up the address book itself and creating a view with the HTTPPassword field
- By exporting idvidual users in Notes and viewing this in text form
This is disturbing to me in more ways than one. I do not know if this hash is "crackable", and frankly am a little scared to find out.
Has anyone seen this before? What have you done? What CAN be done?
Thanks,
-Deeboe
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu, The Art of War 
http://tazforum.**********.com/
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote