ID CVE-2005-2428
Summary Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
References
Vulnerable Configurations
  • IBM Lotus Domino 5.0
    cpe:2.3:a:ibm:lotus_domino:5.0
  • IBM Lotus Domino 6.0
    cpe:2.3:a:ibm:lotus_domino:6.0
  • IBM Lotus Domino 6.5
    cpe:2.3:a:ibm:lotus_domino:6.5
CVSS
Base: 5.0 (as of 03-08-2005 - 20:50)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
exploit-db via4
  • description IBM Lotus Domino. CVE-2005-2428. Webapps exploit for windows platform
    file exploits/windows/webapps/39495.py
    id EDB-ID:39495
    last seen 2016-02-26
    modified 2016-02-25
    platform windows
    port
    published 2016-02-25
    reporter Jonathan Broche
    source https://www.exploit-db.com/download/39495/
    title IBM Lotus Domino <= R8 Password Hash Extraction Exploit
    type webapps
  • description Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit. CVE-2005-2428,CVE-2007-0977. Remote exploit for windows platform
    file exploits/windows/remote/3302.sh
    id EDB-ID:3302
    last seen 2016-01-31
    modified 2007-02-13
    platform windows
    port 80
    published 2007-02-13
    reporter Marco Ivaldi
    source https://www.exploit-db.com/download/3302/
    title Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit
    type remote
nessus via4
NASL family Web Servers
NASL id DOMINO_HTTP_INFO_DISCLOSURE.NASL
description The remote host is running a version of Lotus Domino Server that is prone to several information disclosure vulnerabilities. Specifically, users' password hashes and other data are included in hidden fields in the public address book 'names.nsf' readable by default by all users. Moreover, Domino does not use a 'salt' to compute password hashes, which makes it easier to crack passwords.
last seen 2019-01-16
modified 2018-07-10
plugin id 19309
published 2005-07-27
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=19309
title IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure
packetstorm via4
data source https://packetstormsecurity.com/files/download/54436/lotus.sh.txt
id PACKETSTORM:54436
last seen 2016-12-05
published 2007-02-14
reporter Marco Ivaldi
source https://packetstormsecurity.com/files/54436/lotus.sh.txt.html
title lotus.sh.txt
refmap via4
bid 14389
bugtraq 20050726 CYBSEC - Security Advisory: Default Configuration Information
confirm http://www-1.ibm.com/support/docview.wss?uid=swg21212934
misc
osvdb 18462
sectrack 1014584
secunia 16231
xf lotus-domino-names-obtain-information(21556)
Last major update 17-10-2016 - 23:27
Published 03-08-2005 - 00:00
Last modified 09-09-2017 - 21:29