Potential IBM Lotus Notes information leakage on port 1352

Andrew Christiansen contacted IBM® Lotus® to report a potential vulnerability
in unauthenticated transactions using the Notes Remote Procedure Call (NRPC)
protocol on port 1352.
The advisory address is as follows:
http://www.fortconsult.net/artikler/advisories.php

The NRPC protocol uses an unauthenticated transaction to look up a user
who is not yet authenticated so that the user can fetch their ID file during
Notes® setup. This transaction is optionally used when a user is first
registered or when a roaming user connects from a new client."

IBM Lotus Notes information leakage on port 1352 via the Lotus Domino Support RSS feed.

Published by

lekkim

Positive, competent, out-spoken, frank and customer focused architect and developer with a strong foundation in web, cloud and product development. I'm a strong advocate for API first and cloud based solutions and development. I have a knack for being able to communicate and present technically complicated matters in conference, customer and training settings. I've previously acted as team member and leader in a product organisation. View all posts by lekkim