Does Your MP7 and LotusNotes integration store passwords in plain text?

Unanswered Question
Jun 18th, 2010
User Badges:


We implemented the MeetingPlace 7.x integration with LotusNotes 8.5. Scheduling is working nice and everything's OK. Without the SSL mpsa database.

Then we found that int the MPSA.nsf database the scheduling template is creating "documents" with the information for meetingplace how and what kind of meeting to schedule. And there we found that all the usernames and passwords are stored there in a simple plaintext as a URL. Which I suppose is for the meetingplace to know about the new meetings...

So we asked to our Cisco tehcsupport what is this... they recomennded to make the integration using SSL. OK, yesterday we did so - created new database in LN domino server using the mpsa_ssl.nsf template. Scheduling is working, but the passwords in the documents are still in plaintext.

Maby the problem wouldn't be so big, but Cisco is requiring for the database very easy permissions, readwrite etc and a simple user can open the database and phish all the passwords for the users who had at least one successful meetingplace reservation.

Any ideas?

Please check You MP integrations - maby someone is already laughing at You and stealing all the passwds from your enterprise.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Igor Lukic Tue, 06/19/2012 - 01:00
User Badges:

Hi Girts,

I ran into the same issue.

The only way to avoid this issue, is to use Domino authentication. However this requires that the MeetingPlace user id and a field in Domino match (default is ShortName).

With Domino authentication the passwords are not stored in the MPSA / MPSA SSL database, due to the fact that user will be authenticated in Domino and if the user id (e.g. entry in the ShortName field) matches the MeetingPlace user id then the meeting will be successfully scheduled via the Lotus Notes calendar.

I hope this helps you solving the issue!

Kind regards,

Igor Lukic


This Discussion

Related Content