IBM responds to Sametime exposing password

by Volker Weber

Recent comments in the developer community have raised concerns about the state of plug-in security in the Lotus environment. IBM takes the security of its products very seriously and aims to address customer concerns in this area. Specific to the observations about passwords in the system, these APIs exist to allow integration into password-based enterprise security models.

This note dances around the real issue. It does not fail to mention that browsers store passwords and provide them for SSO purposes. It does not mention, however, that a Sametime plug-in can expose the Sametime password in cleartext. That is a huge difference. Windows does not expose your Windows password. Sametime will, if you log in via Sametime to an Active Directory. Conveniently, blame can be attached elsewhere:

Regarding the deployment of 3rd party plug-ins, IBM recommends that customers take appropriate precautions to understand and control any code they permit users to install and run in their environment.

You have to lock all doors and windows. They are open when you move in.


Comments

It's documented since ... uhmm ... ever? RTFM! And then decide if this is a security leak in your respective environment or not. What's the problem?

Ralf Stellmacher, 2009-02-09
