The Domino Passthru server security issues - follow up
It had bothered me for some time and I just had to get it out my system, and on to the next thing on my very long "To do" list. Sorry.
However I will be very glad if HCL would come forward and in a clear way state ...there is no security issue and explain what is going on in the Domino server when using PassThru.
They are then free to call me an idiot afterwords :-)
HCL Software does not have a Security Bounty Program
However to add to the mix of all this ..I do not understand why HCL Software do not have a Security Bounty Program ?
https://www.hcltech.com/software/psirt/hcl-software-vulnerability-disclosure-policy
An easy way to report security issues.
Every other big software company does.
"Domino Does Not Get Hacked. Ever."
HCL writes this on https://www.hcltechsw.com/domino/domino-security-is-best
Now that is of course a stupid thing to write ...because there is no software which is completely unhackable and safe.
For one I wrote about the highly insecure ... (Websphere) connector
Security hole leaves IBM Domino server wide open - Part One
A feature which HCL ended removing from Domino beginning in V12.0.1 due to its potential security issues
(and bringing it back in V12.0.2 .....why??)
Yes, HCL Domino has a great security model, because it is simple and logical in its nature.
But anyone who has worked with Notes/Domino for years knows that it is not perfect and has its cracks here and there.
Support Case
The reason I did not create a support case is that I do not have access to create a support case.
I am a BP and but I do not have access to create a support case.
I did try many to times to get it fixed and get access to support, but in the end I just ran out on energy on the matter
Instead I have since created many cases through a customers support account, so I believe I have done my share :-) ....
Posted on 06/07/2022 02:59:30 PM CEDT
Show Comments(3)
Create Comment