Lotus Notes Password Hieroglyphics Information Disclosure Vulnerability

Lotus Notes is a tool for email, calendar, scheduling and collaboration tasks. The login dialogue box used by Notes includes a number of security features, including a set of four hieroglyphic characters. The goal of these characters is to increase the difficulty of spoofing the login dialog.

An attacker with knowledge of the expected hieroglyphic sequence for a given login may use this dialog to perform a brute force attack. This will eliminate a number of incorrect passwords, reducing the search space by approximately a factor of two. A conventional brute force attack against the remaining possibilities will then be required.


 

Privacy Statement
Copyright 2010, SecurityFocus