CVE-2005-2696 - IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB)

CVE-2005-2696

Summary

IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.

References

Vulnerable Configurations

cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2016 - 03:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20050820 IBM Lotus Notes multiple disclosures of password hashes
misc	http://www.venera.com/downloads/Lotus_password_disclosures.pdf

Last major update

18-10-2016 - 03:29

Published

26-08-2005 - 15:50

Last modified

18-10-2016 - 03:29