CVE-2005-2428

high

Description

Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.

References

https://www.exploit-db.com/exploits/39495/

https://exchange.xforce.ibmcloud.com/vulnerabilities/21556

http://www.securityfocus.com/bid/14389

http://www.securiteam.com/securitynews/5FP0E15GLQ.html

http://www.osvdb.org/18462

http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf

http://www-1.ibm.com/support/docview.wss?uid=swg21212934

http://securitytracker.com/id?1014584

http://secunia.com/advisories/16231/

http://marc.info/?l=bugtraq&m=112240869130356&w=2

Details

Source: Mitre, NVD

Published: 2005-08-03

Updated: 2017-09-10

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High