Lotus Notes will not warn you of messages with broken signatures

    Lotus Notes


    Lotus Notes, all R5 client versions up to and including the current R5.0.5


    Vinci Chou found the following. If you receive a clear-signed S/MIME
    e-mail whose signature no longer verifies, for example because the
    message body was modified by a third party in transit, the Lotus Notes
    client does not warn you that the signature is broken: the mail is
    displayed just like any unsigned e-mail. If you receive an encrypted
    S/MIME e-mail that has been corrupted, the Lotus Notes client displays
    a blank message. Other Internet mail clients display a warning in both
    cases.
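    The following script is an added example and is not code from the
    advisory or from Lotus. It uses OpenSSL to build the two message types
    described above (a clear-signed S/MIME mail whose body is changed after
    signing, and an encrypted S/MIME mail whose body is corrupted) and shows
    what a conforming verifier returns for each: the tampered signature and
    the corrupted ciphertext are both reported as errors, which is the
    warning a client is expected to surface. It assumes an openssl binary
    (1.1.1 or 3.x) on PATH; the signer identity smime-test@example.com, the
    message body and the helper names verify_smime and decrypt_smime are
    constructed for the example.

```sh
#!/bin/sh
# Added example (not from the advisory): build a clear-signed and an
# encrypted S/MIME message with OpenSSL, damage each the way the report
# describes, and show that a conforming verifier reports both as errors.
# Assumes an openssl binary (1.1.1 or 3.x) on PATH; identity and body are
# constructed test data.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throw-away self-signed S/MIME identity (constructed); it also serves as
# the trust anchor for signature verification below.
openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=smime-test@example.com" \
    -keyout "$WORK/signer.key" -out "$WORK/signer.crt" >/dev/null 2>&1

# Constructed plaintext body.
printf 'Please wire 100 to account A.\n' > "$WORK/body.txt"

# 1. Clear-signed message: multipart/signed with a detached PKCS#7 signature
#    over the text/plain part.
openssl smime -sign -text -in "$WORK/body.txt" \
    -signer "$WORK/signer.crt" -inkey "$WORK/signer.key" \
    -out "$WORK/signed.eml"

# In-transit tampering: change the visible body, leave the signature alone.
sed 's/account A/account B/' "$WORK/signed.eml" > "$WORK/tampered.eml"

# 2. Encrypted message: application/x-pkcs7-mime whose body is base64 DER.
openssl smime -encrypt -aes256 -in "$WORK/body.txt" \
    -out "$WORK/encrypted.eml" "$WORK/signer.crt"

# Corruption: drop the first base64 line after the blank header separator
# (that line carries the DER header), so the message no longer parses.
awk 'body && !cut { cut = 1; next } /^\r?$/ { body = 1 } { print }' \
    "$WORK/encrypted.eml" > "$WORK/corrupted.eml"

# verify_smime FILE: prints "ok" when the detached signature verifies over
# the body as received (chain anchored at signer.crt), "broken" otherwise.
verify_smime() {
    if openssl smime -verify -in "$1" -CAfile "$WORK/signer.crt" \
            -out /dev/null 2>/dev/null; then
        echo ok
    else
        echo broken
    fi
}

# decrypt_smime FILE: prints "ok" when the enveloped message decrypts
# cleanly, "broken" when OpenSSL reports an error. A mail client that gets
# the "broken" case should show that error, not an empty message.
decrypt_smime() {
    if openssl smime -decrypt -in "$1" -recip "$WORK/signer.crt" \
            -inkey "$WORK/signer.key" -out /dev/null 2>/dev/null; then
        echo ok
    else
        echo broken
    fi
}

echo "signed, untouched : $(verify_smime "$WORK/signed.eml")"
echo "signed, tampered  : $(verify_smime "$WORK/tampered.eml")"
echo "encrypted, intact : $(decrypt_smime "$WORK/encrypted.eml")"
echo "encrypted, corrupt: $(decrypt_smime "$WORK/corrupted.eml")"
```

    The four files in the working directory are also usable as test input
    for a mail client: feeding tampered.eml and corrupted.eml to the client
    under test and checking whether it raises a warning reproduces the
    behaviour reported above.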

    Not sure if this should be classified as a security vulnerability.
    The warning is an indication that someone may be tampering with the
    messages. The lack of a warning is also very misleading, especially
    in places where digital signatures are recognised by law.

    R5 has been on the market for about two years and it is really
    disappointing that these obvious problems are still there in the
    latest R5.0 release.


    No patch is available so far.

