T 3.113 Incorrect configuration of a Lotus Notes client or an external client with access to Lotus Domino

Different client components can be used for the treated Lotus Domino versions 8.x. This includes the Lotus Notes clients (standard client, basic client, developer client, and administrative client), browsers (using iNotes), specific clients for PDAs (and other mobile end devices), and third party email clients with Domino access using POP3 and/or IMAP interfaces. The misconfiguration of a client component may impair the availability, confidentiality, or integrity of the data on the Lotus Notes/Domino platform and may allow for successful attacks to the platform.

Both Lotus Notes Fat clients of the versions 8.x and higher are more complex than those of the previous versions. The standard client inherits the complexity of the Eclipse framework and the basic client is characterised by the increasing complexity of the Lotus Notes services. This increases the probability of misconfigurations.

Some typical misconfigurations of a Lotus Notes client are described below:

• Lack of or insufficient encryption of confidential information of the Lotus Notes client on the client side (e.g. the Notes-ID) and client-side databases (including replicas):
  
  In order to prevent unauthorised persons from being able to access confidential data when an end device with a Lotus Notes client is lost or stolen, either the end device or at least the confidential information on the Notes client (including the ID and existing certificates) must be encrypted in a sufficiently secure manner.
• Incorrect client-side settings for replication:
  
  For example, this may cause data to be deleted from the server that can only be restored expensively when the deletion is discovered too late.
• Incorrect client-side settings for email recall:
  
  These settings must be consistent with the corresponding organisation policy regarding the way email recalls are handled in the context of the binding nature of emails.
• Incorrectly configured Execution Control List (ECL):
  
  The Execution Control List (ECL) controls which active contents can be executed in a Lotus Notes client and which authorisations you are granted. If the ECL is misconfigured, the active contents may also be used in order to attack the Lotus Notes client. If the ECL is misconfigured, this may cause the following regarding active contents, for example:
  • Access to local data on the client computer (databases, files etc.) being taken and files ""stolen"
  • Local data being changed or deleted
  • Installation of malware such as computer viruses or Trojan horses.
• Extensive access to the configuration settings of the Lotus Notes client for the users:
  
  The configuration settings of a Lotus Notes client may have significant effects on the security of the client (also on the security of the Lotus Notes/Domino platform). Therefore, it is dangerous if users are authorised to change security-relevant configurations of the client.

The issues mentioned are examples of possible threats caused by client-side misconfigurations. Depending on the corresponding application environment, further threats may occur.

Misconfiguration may also cause security problems when using browsers as Notes clients (using iNotes or the Domino web server) and regarding specific clients for PDAs and comparable mobile end devices, as well as when using "third party" email clients via POP3 and/or IMAP interfaces. This depends on the configuration settings of the browser used or the third party clients and may affect the execution of active contents within the browser and/or client or the communication with the Domino server, for example.

Example:

On a stolen laptop without hard disk encryption with Lotus Notes client, emails containing confidential information are copied from the unencrypted local replica of the email database and made available to the competition or the media.