CVE-2005-2696
published 2005-08-26CVE-2005-2696: IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive…
PriorityP424medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
2.23%
80.6th percentile
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | lotus_domino | — | — |
| ibm | lotus_domino | — | — |
| ibm | lotus_domino | — | — |
| ibm | lotus_notes | — | — |
| ibm | lotus_notes | — | — |
| ibm | lotus_notes | — | — |
| ibm | lotus_notes | — | — |
| ibm | lotus_notes | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wj9f-4cpj-jvg9: Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2005-2428 [MEDIUM] GHSA-wj9f-4cpj-jvg9: Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
GHSA
GHSA-c865-g6gw-3hjp: IBM Lotus Notes 5
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2007-4309 [MEDIUM] GHSA-c865-g6gw-3hjp: IBM Lotus Notes 5
IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696.
GHSA
GHSA-f255-6gww-8gch: IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitiv
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2005-2696 [MEDIUM] GHSA-f255-6gww-8gch: IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitiv
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.
No detection rules found.
Exploit-DB
Lotus Domino R6 Webmail - Remote Password Hash Dumper
exploitdb·2007-02-13·CVSS 5.0
CVE-2007-0977 [MEDIUM] Lotus Domino R6 Webmail - Remote Password Hash Dumper
Lotus Domino R6 Webmail - Remote Password Hash Dumper
---
#!/bin/bash
#
# $Id: raptor_dominohash,v 1.3 2007/02/13 17:27:28 raptor Exp $
#
# raptor_dominohash - Lotus Domino R5/R6 HTTPPassword dump
# Copyright (c) 2007 Marco Ivaldi
#
# Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled,
# stores sensitive data from names.nsf in hidden form fields, which allows
# remote attackers to read the HTML source to obtain sensitive information such
# as (1) the password hash in the HTTPPassword field, (2) the password change
# date in the HTTPPasswordChangeDate field, (3) the client platform in the
# ClntPltfrm field, (4) the client machine name in the ClntMachine field, and
# (5) the client Lotus Domino release in the ClntBld field, a different
# vulnerability than CVE-20
Nuclei
Lotus Domino R5 and R6 WebMail - Information Disclosure
nuclei·CVSS 5.0
CVE-2005-2428 [MEDIUM] Lotus Domino R5 and R6 WebMail - Information Disclosure
Lotus Domino R5 and R6 WebMail - Information Disclosure
Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).
Template:
id: CVE-2005-2428
info:
name: Lotus Domino R5 and R6 WebMail - Information Disclosure
author: CasperGN
severity: medium
description: Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the passwor
No writeups or analysis indexed.
2005-08-26
Published