Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN ibm
nessus
exploit available
Published: 2005-08-03
Updated: 2024-11-20
Summary
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
Vulnerable Configurations
Part | Description | Count |
Application | Ibm | 3 |
Exploit-Db
description | IBM Lotus Domino. CVE-2005-2428. Webapps exploit for windows platform |
file | exploits/windows/webapps/39495.py |
id | EDB-ID:39495 |
last seen | 2016-02-26 |
modified | 2016-02-25 |
platform | windows |
port | |
published | 2016-02-25 |
reporter | Jonathan Broche |
source | https://www.exploit-db.com/download/39495/ |
title | IBM Lotus Domino <= R8 Password Hash Extraction Exploit |
type | webapps |
description | Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit. CVE-2005-2428,CVE-2007-0977. Remote exploit for windows platform |
file | exploits/windows/remote/3302.sh |
id | EDB-ID:3302 |
last seen | 2016-01-31 |
modified | 2007-02-13 |
platform | windows |
port | 80 |
published | 2007-02-13 |
reporter | Marco Ivaldi |
source | https://www.exploit-db.com/download/3302/ |
title | Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit |
type | remote |
Nessus
NASL family | Web Servers |
NASL id | DOMINO_HTTP_INFO_DISCLOSURE.NASL |
description | The remote host is running a version of Lotus Domino Server that is prone to several information disclosure vulnerabilities. Specifically, users |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19309 |
published | 2005-07-27 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19309 |
title | IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:13490 |
last seen | 2017-11-19 |
modified | 2007-02-13 |
published | 2007-02-13 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-13490 |
title | Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit |
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:64478 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-64478 |
title | Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit |
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:6191 |
last seen | 2017-11-19 |
modified | 2007-02-14 |
published | 2007-02-14 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-6191 |
title | Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit |