Lotus Domino administration databases
Information
Severity: High
Family: Web Servers
CVSSv2 Base: 7.5
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Solution Type: Workaround
Created: 18 years ago
Modified: 5 years ago
Summary
This script determines whether some default databases can be read remotely. An anonymous user can retrieve information from this Lotus Domino server: users, databases, server configuration (including operating system and hard disk partitioning), and user access logs (which could expose sensitive data if HTML forms are submitted with GET). These issues are discussed in the reference 'Lotus White Paper: A Guide to Developing Secure Domino Applications' (December 1999).
Solution
Verify all the ACLs for these databases and remove those not needed.