ID CVE-2007-0977
Summary IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.
References
Vulnerable Configurations
  • IBM Lotus Domino 5.0
    cpe:2.3:a:ibm:lotus_domino:5.0
  • IBM Lotus Domino 6.0
    cpe:2.3:a:ibm:lotus_domino:6.0
CVSS
Base: 7.1 (as of 19-02-2007 - 11:36)
Impact:
Exploitability:
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality COMPLETE
Integrity NONE
Availability NONE
exploit-db via4
description Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit. CVE-2005-2428,CVE-2007-0977. Remote exploit for windows platform
file exploits/windows/remote/3302.sh
id EDB-ID:3302
last seen 2016-01-31
modified 2007-02-13
platform windows
port 80
published 2007-02-13
reporter Marco Ivaldi
source https://www.exploit-db.com/download/3302/
title Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit
type remote
metasploit via4
description Get users passwords hashes from names.nsf page
id MSF:AUXILIARY/SCANNER/LOTUS/LOTUS_DOMINO_HASHES
last seen 2019-03-31
modified 2018-08-21
published 2010-05-09
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb
title Lotus Domino Password Hash Collector
refmap via4
exploit-db 3302
osvdb 35764
Last major update 15-11-2008 - 01:42
Published 15-02-2007 - 20:28
Last modified 10-10-2017 - 21:31