SecurityFocus, 2000-07-29
White Hat hackers from the Netherlands plan to blow the lid off Lotus Notes security. Just another Saturday night at DefCon.
"We've already talked to a few of our clients and told them that we're going public with this, and they're scared," says Goggans, a consultant with Virginia-based Security Design International.
Goggans, along with Trust Factory's Wouter Aukema, Patrick Guenther and Kevin McPeake, is presenting the results of months of poking and prodding at Lotus Notes, the comprehensive office collaboration platform that is the standard workaday tool for 60 million people at 10 thousand different companies and government agencies, according to Lotus.
Despite its broad base, Notes has been largely unexplored territory for hackers. Though it handles email, it has yet to be plagued by a Melissa or LoveLetter virus. It's the database tool of choice for many government agencies, but its files have generally gone unplundered.
That may change after Trust Factory and SDI announce at the world's largest hacker convention that they've discovered a serious weakness in Notes' password scheme.
Notes passwords are stored and verified as a "one-way hash," a scrambled alphanumeric string that, in theory, cannot be descrambled. Hash mechanisms are a common method of handling passwords, but such systems typically inject a random number into the mix, called a 'salt,' to prevent attackers from building a comprehensive dictionary of every possible password in hashed form. On a Unix system, for example, the word 'secret' can be encoded in 4096 different ways.
The researchers discovered that Notes scrambles its password without a salt. So the password 'secret' is always encoded as 06E0 A50B 579A D2CD 5FFD C485 6462 7EE7. The word 'password' is always stored as 355E 98E7 C7B5 9BD8 10ED 845A D0FD 2FC4.
That predictability makes attacking Notes passwords, and gaining access to email, databases, and everything else a user can access, shockingly simple for an attacker who can obtain the hash. "All the versions are vulnerable to this, since they've been using the same hash mechanism since inception," says Goggans.
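The difference the article is describing, unsalted versus salted password storage, can be shown in a few lines. The following is an added example written for this page, not code from the researchers or from Lotus: SHA-256 stands in for the Notes hash, whose internals the article does not describe, and the wordlist and user names are constructed. It shows that an unsalted digest is the same everywhere, so one precomputed table works against every deployment; that a random per-user salt makes the table useless while verification still works; and an audit check a defender can run over stored records: if two users who chose the same password have identical stored digests, the store is unsalted.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist for the demonstration (not from the article).
WORDLIST = ["secret", "password", "letmein", "qwerty"]


def unsalted_hash(password: str) -> str:
    """Hash with no salt: the same input always yields the same digest.
    SHA-256 is a stand-in; the article does not describe the Notes algorithm."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute digest -> plaintext once. Because nothing varies per user or
    per site, this single table matches every unsalted store it is run against."""
    return {unsalted_hash(w): w for w in words}


def recover_from_table(table, stored_hash):
    """Recovery is a single dictionary lookup; no per-hash work is needed."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: bytes) -> str:
    """Mix a per-record salt into the hash so equal passwords give unequal digests."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def new_salted_record(password: str):
    """Create a (salt, digest) record with a fresh random 16-byte salt."""
    salt = os.urandom(16)
    return (salt, salted_hash(password, salt))


def verify_salted(record, candidate: str) -> bool:
    """Recompute with the stored salt; compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(salted_hash(candidate, salt), digest)


def audit_duplicate_hashes(records):
    """Defender's check over (user, digest) pairs: any two users sharing a
    digest means either the store is unsalted or the salt is being reused.
    Returns the list of (earlier_user, later_user) collisions."""
    seen = {}
    dups = []
    for user, digest in records:
        if digest in seen:
            dups.append((seen[digest], user))
        else:
            seen[digest] = user
    return dups


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    # Unsalted: 'secret' always produces the same digest, so the table hits.
    print(recover_from_table(table, unsalted_hash("secret")))  # secret
    # Salted: same password, two users, two different digests; the table misses.
    alice, bob = new_salted_record("secret"), new_salted_record("secret")
    print(alice[1] != bob[1], recover_from_table(table, alice[1]))  # True None
    print(verify_salted(alice, "secret"), verify_salted(alice, "Secret"))  # True False
    # Audit: unsalted records collide, salted ones do not.
    print(audit_duplicate_hashes([("alice", unsalted_hash("secret")),
                                  ("bob", unsalted_hash("secret"))]))  # [('alice', 'bob')]
    print(audit_duplicate_hashes([("alice", alice[1]), ("bob", bob[1])]))  # []
```

The audit function is the part worth keeping: run it over exported credential records (user, stored digest) and any collision between distinct users is a signal that the store offers the same precomputation advantage the article describes.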
The hashes are stored in the "Name and Address Book" file names.nsf, which is accessible to every Notes user in an organization. More importantly, many Notes servers are wide open to access over the web, allowing attackers to simply download the scrambled passwords, and then attack them. "We've gone around, and there are a lot of sites that have the Name and Address Book available over the Internet," says Trust Factory's Kevin McPeake.
An attacker may not even have to crack the password. Trust Factory found that if the user's Internet Notes password is the same as their local Notes password, and their "UserID" file is publicly accessible, the hashed password is enough to crack their account. Trust Factory even wrote a program that opens Notes accounts remotely under these circumstances. They call it "Sesame."
A spokesperson for IBM-owned Lotus confirmed the discovery, and said the company was grateful for SDI and Trust Factory's work.
Goggans says they don't plan to publicly release Sesame, and will not provide enough specific information during their DefCon presentation for attackers to immediately exploit the weaknesses. Nevertheless, security conscious administrators should consider removing UserID files from public view, blocking access to the Domino server from the Internet, and switching to an optional, more powerful hash setting, says Goggans. And it wouldn't hurt to do it before 7:00 p.m., Las Vegas time.