Lotus Notes' security has come under fire from experts who this week demonstrated how email accounts could easily be broken into.
The alleged problems were demonstrated at the most important hacker convention of the year, DefCon, which is being held in Las Vegas. Executives from two security companies - Security Design International and Trust Factory - demonstrated how crackers could break into a user's email box and send messages under that user's name.
Another flaw, relating to Domino server, was also demonstrated which the experts claimed could allow users to circumvent antivirus and malicious code defences.
Lotus said the first problem relied on crackers having access to a user's workstation and also relies on users having the same passwords for both Notes and Domino directory access.
The company said the most serious problem - that the encryption key used to unlock a user's Notes ID can be derived from the default format used to store the http password in the 'person document' in the Domino Directory - can easily be prevented and rests on access by a cracker to a workstation.
Fears about corruption by malicious code, raised because Notes does not issue additional warnings when ActiveX applets are launched under Internet Explorer, can also be addressed, Lotus said in a security notice.
However, it admitted: "When the default browser in Notes is configured to use 'Notes with Internet Explorer', it is subject to the types of attacks that can affect Internet Explorer as a standalone product. If the user ignores ActiveX warnings generated by Internet Explorer, the user may be vulnerable to malicious active content."
Lotus advises users "not to launch or run executable code or any kind from unknown/untrusted sources" and, as a precaution, to view instead of launch or detach attachments. Network administrators can upgrade to a stronger http password format using a tool introduced in R4.6.
Lotus said it has received no reports of attacks using the exploits.
Map selection, quick menus for grenades and healing items and automatic reload coming in PUBG update #22
Could be used for everything from search-and-rescue robots to wearable tech
Don't require the rare material being mined from the mountains of South America
IBM hopes that its new tool will avoid bias in artificial intelligence