Potential security issue with Domino Certificate Authority (CA) process commands

 Technote (FAQ)
 
 
Question
A customer contacted IBM® Lotus® to report a potential security issue with the usage of Certificate Authority (CA) process commands on the Lotus Domino® server console.
The use of uppercase characters with either the CA "activate" or "unlock" commands on the server console could result in the password being displayed in clear text.
 
Cause
To use the Domino server-based CA process, you must issue several commands at the server console. Both the "activate" (tell ca activate <certifier number> <password>) and "unlock" (tell ca unlock <idfile> <password>) commands require that a password be supplied.
Prior to Domino version 6.5.4, the password could be written in clear text to the console.log text file and shown in the Admin panel, depending on the operating system. For more details, refer to Technote # 1167487 "Security Issue with CA Process in Domino 6.x Console on Solaris".

In Domino 6.5.4 or later, it has been found that if any character in the words "ca", "activate", or "unlock" is typed in uppercase, the password will be reflected in clear text in the console.log and Admin panel.
 
Answer
This issue was reported to Quality Engineering as SPR# KHON738QB6, and has been fixed in Lotus Domino releases 7.0.3 and 8.0. Refer to the Upgrade Central site for details on upgrading Notes/Domino.
Workaround
In prior releases, enter CA "activate" or "unlock" commands on the console using all lowercase.
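
A log check for the exposure described above, as an added example that is not IBM's code: it finds console.log lines that echo either command with a password argument, flags the uppercase-keyword condition, and produces a redacted copy. The sample lines and their timestamp and prompt layout are constructed assumptions, not captured Domino output.

```python
import re

# The two console commands named in the technote, matched in any letter case:
#   tell ca activate <certifier number> <password>
#   tell ca unlock <idfile> <password>
CA_CMD = re.compile(
    r"\btell\s+(?P<ca>ca)\s+(?P<verb>activate|unlock)\s+\S+\s+(?P<secret>\S.*?)\s*$",
    re.IGNORECASE,
)

def scan(lines):
    """Return one finding per line that echoes a CA command with a password argument."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = CA_CMD.search(line)
        if not m:
            continue
        keywords = m.group("ca") + m.group("verb")
        findings.append({
            "line": lineno,
            "verb": m.group("verb").lower(),
            # True when "ca", "activate" or "unlock" contains an uppercase letter,
            # the condition the technote gives for 6.5.4 and later.
            "uppercase_keyword": keywords != keywords.lower(),
        })
    return findings

def redact(lines):
    """Return a copy of the log with the password argument replaced."""
    out = []
    for line in lines:
        m = CA_CMD.search(line)
        if m:
            line = line[:m.start("secret")] + "<redacted>" + line[m.end("secret"):]
        out.append(line)
    return out

# Constructed sample lines; the timestamp/prompt layout is an assumption.
SAMPLE = [
    "11/06/2007 09:14:02 AM  > tell ca activate 1 Examp1e-Secret",
    "11/06/2007 09:15:40 AM  > Tell CA Unlock certs\\sales.id Examp1e-Secret",
    "11/06/2007 09:16:05 AM  > tell ca stat",
    "11/06/2007 09:17:11 AM  > tell ca ACTIVATE 2 pass phrase with spaces",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print("\n".join(redact(SAMPLE)))
```

Findings deliberately omit the password itself so the report can be shared; any certifier password found in a log should be treated as exposed and changed.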
 
 
 

Document information
 Product categories: Software > Messaging Applications > Advanced Messaging > Lotus Domino > Lotus Domino Server
 Operating system(s): AIX, Linux, Solaris, Windows, i5/OS, z/OS
 Software version: 6.0, 6.5, 7.0
 Reference #: 1261095
 IBM Group: Software Group
 Modified date: 2007-11-06
