The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.
http://www.zerodayinitiative.com/advisories/ZDI-11-110
http://www.securityfocus.com/archive/1/517119/100/0/threaded
http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password