http://seclists.org/pen-test/2008/May/64
Here's a list of useful resources on Lotus Domino/Notes security:http://www.dominosecurity.org/http://www.ngssoftware.com/papers/hpldws.pdfhttp://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdfhttp://seclists.org/pen-test/2002/Nov/0034.html (all thread)http://seclists.org/pen-test/2007/Jul/0111.html (all thread)http://documents.iss.net/whitepapers/domino.pdfhttp://www-128.ibm.com/developerworks/views/lotus/library.jsphttp://www-128.ibm.com/developerworks/lotus/security/http://www.redbooks.ibm.com/redbooks/pdfs/sg247017.pdfhttp://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg245341.pdfhttp://www.nsftools.com/Some testing tools:http://packetstormsecurity.org/UNIX/scanners/DominoHunter-0.92.ziphttp://packetstormsecurity.org/UNIX/scanners/domino.tar.gzhttp://www.cqure.net/wp/?page_id=17http://www.appsecinc.com/products/appdetective/domino/ (commercial!)http://www.rapid7.com/nexpose/features.jsp (commercial!)http://www.openwall.com/johnhttp://usuarios.lycos.es/reinob/http://www.nestonline.com/lcrack/http://www.securiteinfo.com/download/dhb.ziphttp://www.cqure.net/wp/?page_id=12http://www-128.ibm.com/developerworks/lotus/downloads/Other commercial password crackers from Elcomsoft/Passware/etc.And some exploits:http://www.0xdeadbeef.info/exploits/raptor_dominohashhttp://www.milw0rm.com/exploits/3602http://www.milw0rm.com/exploits/3616http://www.milw0rm.com/exploits/4207http://www.milw0rm.com/exploits/4574