Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 443
  • Last Modified:

Lotus Notes - users password is in clear text. Can I hide?

IWe have been having security issues with mail breaches internally. I was astounded to see that Domino admins can access a users Lotus password - in clear text.
Can this be hidden?
Version is R5

I come from an exchange background. I saw an admin retrieve a pasword, but failed to note how. If someone coudl indicate where it sits, I wish to demonstrate my concerns to MD.

Is this a flaw or simply an oversight of Lotus
0
Danno2013
Asked:
Danno2013
  • 3
  • 2
1 Solution
 
Sjef BosmanGroupware ConsultantCommented:
AFAIK, no password can (or has) ever be retrieved from Notes or Domino by itself. Therefore, the breach must lie with the admins. I suppose they keep some file or database with the passwords, or the password can be generated from the user's name. That is, the *initial* password, because it used to possible to use an older ID-file to gain access when you had the accompanying password. That's how Notes security is defined: you need a strong password to open the ID-file; the ID-file contains the user's private key that is used to get access to the server and sign or decrypt documents. If you make a copy of the ID-file and change its password, the original ID-file still has the original password. That's not a Notes flaw, that is a serious problem of the admins with the keys of the building. They should be utterly careful with those keys.
0
 
Bill-HansonCommented:
I'll confirm sjef's post.  He is 100% correct.  Your admins maintained a list of original passwords.

No points for me, please.
0
 
Sjef BosmanGroupware ConsultantCommented:
(Off-topic: Hi Bill, is there any way I can send you a mail? )
0
 
Bill-HansonCommented:
Sure.  How can I get my address to you without posting it directly on this site?
0
 
Sjef BosmanGroupware ConsultantCommented:
My mail address is in my EE-profile, somewhere in the middle. Thanks!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now