VULHUB ™

Lotus Notes is a tool for email, calendar, scheduling and collaboration tasks. The login dialogue box used by Notes displays a set of four hieroglyphics as a security feature. These characters are changed in a deterministic manner for each character typed beyond the fourth. A malicious party may be able to abuse this feature to determine the length of the user password. By watching as a valid user enters their password and counting the number of times the hieroglpyhics change, the attacker may determine the length of the password used.

Lotus Notes is a tool for email, calendar, scheduling and collaboration tasks. The login dialogue box used by Notes displays a set of four hieroglyphics as a security feature. These characters are changed in a deterministic manner for each character typed beyond the fourth. A malicious party may be able to abuse this feature to determine the length of the user password. By watching as a valid user enters their password and counting the number of times the hieroglpyhics change, the attacker may determine the length of the password used.