> Summary > ------- > A security vulnerability has been found in the popular Lotus Domino Web server. SNIP > normal url: http://host.com/log.nsf <---- Request for a passwd > modify url: http://host.com/log.ntf<buff>.snf/ This is a known problem and has already been addressed by Lotus. Regardless, the .ntf file you're accessing here is a notes template file and is the model upon which the real log database (.nsf) is based upon. There is nothing in these template files of worth save for the Domino Web Administrator template. As anonymous access can be gained to this template attackers can use some of the functionality to read text files on the system or enumerate databases. Also of note is cache.dsk. Using the same techinique attackers can access this cache file which can allow an attacker to enumerate databases on the remote system. To protect against this problem install the patch from Lotus. Further, using Domino Designer set the ACLs on the Web Administrator template to prevent anonymous access. Please note that in future distributions Lotus has defaulted the ACLs on webadmin.ntf to prevent access. Cheers, David Litchfield http://www.ngssoftware.com/ p.s. NGSSoftware's DominoScan can be used to determine if your Domino server is vulnerable to this problem.
