Notes Internet Password Field

By Roger on May 29, 2008 2:50 PM | | Comments (0) | TrackBacks (0)

I was done in by the Lotus Notes Internet Password hash in R5 today (yeah its ancient).

I changed my domain password and used some words wrapped in parentheses like the following (my Blue shoe). Normally this would be a decent password. But at our company passwords are synched from Active Directory to the Lotus Notes Internet password field. In that field in Notes anything inside parenthesis is presumed to be encrypted already. So anyone in the company looking in the right place could see my password in plain text!

Categories

General

Tags

0 TrackBacks

Listed below are links to blogs that reference this entry: Notes Internet Password Field .

TrackBack URL for this entry: http://www.infosecblog.org/mt-tb20071121.pl/733

Leave a comment

Powered by Ajax Comments

About this Entry

This page contains a single entry by Roger published on May 29, 2008 2:50 PM.

New Adobe Flash Vulnerability was the previous entry in this blog.

Implementing Verisign PKI is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.2-en

Search