Vulnerability Development mailing list archives

RE: Enumerating users on a Domino webserver

From: "OBrien, Brennan" <BOBrien () columbia com>
Date: Wed, 30 Jan 2002 09:04:18 -0800

Sure do.  Excellent tool for enumeration.  Same holds true for OWA for
exchange.  This gives me the ability, over time, to guess out how the
usernames are formed, and provides me with an externally available tool
for initial password guessing.  



-----Original Message-----
From: nicob () nicob net [mailto:nicob () nicob net] 
Sent: Wednesday, January 30, 2002 8:55 AM
To: vuln-dev () securityfocus com
Subject: Enumerating users on a Domino webserver

Hi,

during a pen-test against a Domino 5.0.8 webserver, I was able to
enumerate valid users.

A simple "GET /mail/toto.nsf HTTP/1.0" redirects to the login page (with
a "200 OK" 
HTTP code) if the user "toto" exists and a "404 File not Found"  is
returned if the user 
doesn't exist.
This issue can allow a faster brute force attack on HTTP passwords.


I have search the Net for more information about this problem, but I
found nothing.

Can the readers reproduce this behaviour ?
Do you see others implications than users enumeration (for social
engineering and brute 
force attacks) ?


Nicob

Current thread:

Enumerating users on a Domino webserver nicob (Jan 30)
- Re: Enumerating users on a Domino webserver Bruno Mosconi (Jan 30)
- <Possible follow-ups>
- RE: Enumerating users on a Domino webserver OBrien, Brennan (Jan 30)