CVE-2005-2428 - Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data f

CVE-2005-2428

Summary

Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.

References

Vulnerable Configurations

cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 10-09-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	14389
bugtraq	20050726 CYBSEC - Security Advisory: Default Configuration Information
confirm	http://www-1.ibm.com/support/docview.wss?uid=swg21212934
exploit-db	39495
misc	http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf http://www.securiteam.com/securitynews/5FP0E15GLQ.html
osvdb	18462
sectrack	1014584
secunia	16231
xf	lotus-domino-names-obtain-information(21556)

Last major update

10-09-2017 - 01:29

Published

03-08-2005 - 04:00

Last modified

10-09-2017 - 01:29