Affected versions: 2002, 2003
Juha-Matti Laurio reported a vulnerability in the Microsoft Outlook Connector for IBM Lotus Domino. A user can choose to store passwords locally in violation of Group Policy. A remote authenticated user can select ‘Remember password’ when authenticating to a Lotus Domino server, causing the user’s password to be cached locally even if there is a Group Policy that prohibits local password caching.
The flaw resides in ‘MSOC32.dll’ and ‘MSOCep.dll’. The system may also store older, previously used passwords.
Impact: A user can choose to store passwords locally in violation of Group Policy.
Solution: A hotfix is available from Microsoft Product Support Services, as described in a knowledge base article: