Vulnerabilities > CVE-2005-2428 - Unspecified vulnerability in IBM Lotus Domino 5.0/6.0/6.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
description IBM Lotus Domino. CVE-2005-2428. Webapps exploit for windows platform file exploits/windows/webapps/39495.py id EDB-ID:39495 last seen 2016-02-26 modified 2016-02-25 platform windows port published 2016-02-25 reporter Jonathan Broche source https://www.exploit-db.com/download/39495/ title IBM Lotus Domino <= R8 Password Hash Extraction Exploit type webapps description Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit. CVE-2005-2428,CVE-2007-0977. Remote exploit for windows platform file exploits/windows/remote/3302.sh id EDB-ID:3302 last seen 2016-01-31 modified 2007-02-13 platform windows port 80 published 2007-02-13 reporter Marco Ivaldi source https://www.exploit-db.com/download/3302/ title Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit type remote
Nessus
| NASL family | Web Servers |
| NASL id | DOMINO_HTTP_INFO_DISCLOSURE.NASL |
| description | The remote host is running a version of Lotus Domino Server that is prone to several information disclosure vulnerabilities. Specifically, users |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 19309 |
| published | 2005-07-27 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/19309 |
| title | IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/54436/lotus.sh.txt |
| id | PACKETSTORM:54436 |
| last seen | 2016-12-05 |
| published | 2007-02-14 |
| reporter | Marco Ivaldi |
| source | https://packetstormsecurity.com/files/54436/lotus.sh.txt.html |
| title | lotus.sh.txt |
Seebug
bulletinFamily exploit description No description provided by source. id SSV:13490 last seen 2017-11-19 modified 2007-02-13 published 2007-02-13 reporter Root source https://www.seebug.org/vuldb/ssvid-13490 title Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit bulletinFamily exploit description No description provided by source. id SSV:64478 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-64478 title Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit bulletinFamily exploit description No description provided by source. id SSV:6191 last seen 2017-11-19 modified 2007-02-14 published 2007-02-14 reporter Root source https://www.seebug.org/vuldb/ssvid-6191 title Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit
References
- http://marc.info/?l=bugtraq&m=112240869130356&w=2
- http://secunia.com/advisories/16231/
- http://securitytracker.com/id?1014584
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
- http://www.osvdb.org/18462
- http://www.securiteam.com/securitynews/5FP0E15GLQ.html
- http://www.securityfocus.com/bid/14389
- http://www-1.ibm.com/support/docview.wss?uid=swg21212934
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21556
- https://www.exploit-db.com/exploits/39495/