cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
650
Views
0
Helpful
2
Replies

Does Your MP7 and LotusNotes integration store passwords in plain text?

acidburn82
Level 1
Level 1

Hi!

We implemented the MeetingPlace 7.x integration with LotusNotes 8.5. Scheduling is working nice and everything's OK. Without the SSL mpsa database.

Then we found that int the MPSA.nsf database the scheduling template is creating "documents" with the information for meetingplace how and what kind of meeting to schedule. And there we found that all the usernames and passwords are stored there in a simple plaintext as a URL. Which I suppose is for the meetingplace to know about the new meetings...

So we asked to our Cisco tehcsupport what is this... they recomennded to make the integration using SSL. OK, yesterday we did so - created new database in LN domino server using the mpsa_ssl.nsf template. Scheduling is working, but the passwords in the documents are still in plaintext.

Maby the problem wouldn't be so big, but Cisco is requiring for the database very easy permissions, readwrite etc and a simple user can open the database and phish all the passwords for the users who had at least one successful meetingplace reservation.

Any ideas?

Please check You MP integrations - maby someone is already laughing at You and stealing all the passwds from your enterprise.

2 Replies 2

acidburn82
Level 1
Level 1

check it using Your web browser open http://dominoserver/mpsa.nsf for us it's working - showing these plaintext urls and other stuff...

Igor Lukic
Spotlight
Spotlight

Hi Girts,

I ran into the same issue.

The only way to avoid this issue, is to use Domino authentication. However this requires that the MeetingPlace user id and a field in Domino match (default is ShortName).

With Domino authentication the passwords are not stored in the MPSA / MPSA SSL database, due to the fact that user will be authenticated in Domino and if the user id (e.g. entry in the ShortName field) matches the MeetingPlace user id then the meeting will be successfully scheduled via the Lotus Notes calendar.

I hope this helps you solving the issue!

Kind regards,

Igor Lukic

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: