Notes/Domino flaw enables to steal ID files – via NRPC protocol

As users familiar with Notes/Domino systems know, publishing Address Books at company Web site is not a good idea.

Let’s look the risks of ID files now. It was not covered widely last week when information about information disclosure vulnerability in Domino systems was published. Notes Remote Procedure Call (NRPC) protocol on port 1352 enables to download user ID files remotely. Huh!

Versions 5.0, 6.0, 6.5, and 7.0 are affected. Fixed versions 6.5.5 Fix Pack 2 (FP2) and 7.0.2 have been released. There is no fix for R5 versions any more, because R5 is not supported any more. The vendor states that Windows, Linux, AIX and Solaris systems are vulnerable.

IBM Technote document #1248026 available here.

More details via FortConsult advisory [PDF] of Mr. Andrew Christensen.

But old fashioned organisations possible using Notes R5 still – it’s time to upgrade to R6 or R7 ASAP.

  • louie

    i have read the pdf above,does someone have the tow pl format program to steal ID files ? or have the nprc protocol?