Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Does Your MP7 and LotusNotes integration store passwords in plain text?

Hi!

We implemented the MeetingPlace 7.x integration with LotusNotes 8.5. Scheduling is working nice and everything's OK. Without the SSL mpsa database.

Then we found that int the MPSA.nsf database the scheduling template is creating "documents" with the information for meetingplace how and what kind of meeting to schedule. And there we found that all the usernames and passwords are stored there in a simple plaintext as a URL. Which I suppose is for the meetingplace to know about the new meetings...

So we asked to our Cisco tehcsupport what is this... they recomennded to make the integration using SSL. OK, yesterday we did so - created new database in LN domino server using the mpsa_ssl.nsf template. Scheduling is working, but the passwords in the documents are still in plaintext.

Maby the problem wouldn't be so big, but Cisco is requiring for the database very easy permissions, readwrite etc and a simple user can open the database and phish all the passwords for the users who had at least one successful meetingplace reservation.

Any ideas?

Please check You MP integrations - maby someone is already laughing at You and stealing all the passwds from your enterprise.

2 REPLIES
New Member

Re: Does Your MP7 and LotusNotes integration store passwords in

check it using Your web browser open http://dominoserver/mpsa.nsf for us it's working - showing these plaintext urls and other stuff...

New Member

Does Your MP7 and LotusNotes integration store passwords in plai

Hi Girts,

I ran into the same issue.

The only way to avoid this issue, is to use Domino authentication. However this requires that the MeetingPlace user id and a field in Domino match (default is ShortName).

With Domino authentication the passwords are not stored in the MPSA / MPSA SSL database, due to the fact that user will be authenticated in Domino and if the user id (e.g. entry in the ShortName field) matches the MeetingPlace user id then the meeting will be successfully scheduled via the Lotus Notes calendar.

I hope this helps you solving the issue!

Kind regards,

Igor Lukic

341
Views
0
Helpful
2
Replies