From: AdamT (adwulf@gmail.com)
Date: Mon Nov 28 2005 - 11:27:07 EST
On 11/28/05, Francois Labreque <flabreq@ca.ibm.com> wrote:
> >
> > Can't you just sniff them off the wire?
> >
>
> Lotus Notes traffic and passwords and encrypted on the wire.
>
The Notes 'internet password' is stored encrypted, but if it's being
used to access a POP3/IMAP mailbox, or HTTP daemon or suchlike which
isn't encrypted, the password will be cleartext. This isn't the
password for the .id files, but it will let you effectively 'be' that
user for whichever services like that are enabled.
-- AdamT "Maidenhead is *not* in Kent" ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:12 EDT