Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2005-2428 | First vendor Publication | 2005-08-03 |
Vendor | Cve | Last vendor Modification | 2017-09-10 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2428
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-21 | Exploitation of Session Variables, Resource IDs and other Trusted Credentials |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-167 | Lifting Sensitive Data from the Client |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 3 |
ExploitDB Exploits
id | Description |
---|---|
2007-02-13 | Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
18462 | IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-07-27 | Name : The remote web server is affected by multiple information disclosure vulnerab... File : domino_http_info_disclosure.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:03:05 | |
2021-04-22 01:03:21 | |
2020-05-23 00:16:43 | |
2017-09-10 09:23:42 | |
2017-07-11 12:01:58 | |
2016-10-18 12:01:44 | |
2016-06-28 15:20:17 | |
2016-04-26 13:42:10 | |
2014-02-17 10:32:16 | |
2013-05-11 11:29:19 | |