DominoSecurity Newsletter
(from
DominoSecurity.org
)
Date:
07/22/2005
Title:
Domino webmail vulnerability
Contents:
Hello DominoSecurity readers,
Lotus recently posted the following security alert about standard Domino webmail. This means browser access to a regular mail database (not iNotes). I consider this a moderately important issue, since many Domino webmail sites have swiched to some version of iNotes. The problem relates to HTML attachments being loaded immediately instead of prompting the user to save or open them.
http://www.ibm.com/support/docview.wss?rs=463&uid=swg21211783
My thanks again to Patrick I. for bringing this to my attention and for pushing Lotus to respond.
Chuck Connell
781-939-0505 (office)
connell@chc-3.com
-- email
www.chc-3.com
-- My home page
www.DominoAdministration.com
-- Outsourced administration services for Domino and Notes
www.DominoSecurity.org
-- The best source for security information about Domino and Notes
(NOTE: I use a spam filter for inbound mail. In some cases, this filter
rejects legitimate messages. If I do not answer your mail, please call
me on the phone.)