Click above to see how safe your Domino HTTP password is Verify that your HIPAA compliance is not threatened by a weak password Eliminate the "I forgot my password" calls Kill a few minutes playing the guessing game with PMX

What is PMX?

A Domino password cracker utility. Lightning fast.

The Notes HTTP Password stored in the Lotus Notes directory (PNAB) is a notoriously weak protection against unauthorized accesses. The main reason is that older or incorrectly installed versions of Domino do not provide password quality or management for HTTP access, unlike its "fat" Lotus Notes client.

The goal of PMX is to prove our point that the emperor has no pants: Given minimal access (reader, pretty much anybody in your company), many user account are easily compromised.


What PMX is not

a) A utility for external people to hack into your system. PMX requires as input the hash of user password --- only internal users would have that, since it requires a Lotus Notes client and reader access to your PNAB.

b) A tool to crack automatically all the persons entries in your PNAB. We call that the "full" PMX. We debated if we should release a full PMX in the wild world; and decided against that. If you want the full PMX, you have to contact us--and convince us that you are a Notes Administrator, an authorized Auditor or a Security Officer with good reasons to try to crack your own PNAB. On average, full PMX cracks 5% of all passwords.

In the meanwhile, feel free to try one password at the time...


How do I protect myself?

You need to implement a Password Management Policy. It is something that controls the quality of passwords and their renewal frequency. Passwords like "KLR650APR01" provide great protection--and cannot be guessed by PMX. Domino 7 provides better password management. Alternatively, contact us, we have inexpensive utilities to protect you.