IBM Lotus Notes Insecure Default Directory Permissions

Yet another reason to upgrade to Lotus Notes version 7.0.2. According to Secunia, Lotus Notes sets insecure default permissions (grants “Everyone” group “Full Control”) on the “notes” directory and all child objects. This can be exploited to remove, manipulate, and replace any of the application’s files. Head over to the Secunia website for a full list of all known security bulletins for Lotus Notes 6.x vulnerabilities and Lotus Notes 7.x vulnerabilities. Just in case you are an administrator, you can opt in for alerts via email or SMS.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.