CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-2428

Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.063

EPSS Ranking 90.5%

CVSS Severity

CVSS v2 Score 5.0

References

http://marc.info/?l=bugtraq&m=112240869130356&w=2
http://secunia.com/advisories/16231/
http://securitytracker.com/id?1014584
http://www-1.ibm.com/support/docview.wss?uid=swg21212934
http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
http://www.osvdb.org/18462
http://www.securiteam.com/securitynews/5FP0E15GLQ.html
http://www.securityfocus.com/bid/14389
https://exchange.xforce.ibmcloud.com/vulnerabilities/21556
https://www.exploit-db.com/exploits/39495/
http://marc.info/?l=bugtraq&m=112240869130356&w=2
http://secunia.com/advisories/16231/
http://securitytracker.com/id?1014584
http://www-1.ibm.com/support/docview.wss?uid=swg21212934
http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
http://www.osvdb.org/18462
http://www.securiteam.com/securitynews/5FP0E15GLQ.html
http://www.securityfocus.com/bid/14389
https://exchange.xforce.ibmcloud.com/vulnerabilities/21556
https://www.exploit-db.com/exploits/39495/

Products affected by CVE-2005-2428

Ibm » Lotus Domino » Version: 5.0

cpe:2.3:a:ibm:lotus_domino:5.0
Ibm » Lotus Domino » Version: 6.0

cpe:2.3:a:ibm:lotus_domino:6.0
Ibm » Lotus Domino » Version: 6.5

cpe:2.3:a:ibm:lotus_domino:6.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-2428

Products

Pricing

Contact Us