IBM Lotus Domino 5.0/6.5 Public Address Book information disclosure
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.4 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in IBM Lotus Domino 5.0/6.5. Affected by this vulnerability is an unknown functionality of the component Public Address Book. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2005-2428. The attack can be initiated remotely. Additionally, an exploit exists. Disabling the affected component is recommended.
Details
A vulnerability was found in IBM Lotus Domino 5.0/6.5 (Groupware Software) and classified as problematic. This issue affects some unknown functionality of the component Public Address Book. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. The summary by CVE is:
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
The weakness was released 07/28/2005 by Leandro Meiners with Cybsec S.A (Website). The advisory is shared at www-1.ibm.com. The identification of this vulnerability is CVE-2005-2428 since 08/03/2005. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are unknown but a public exploit is available. MITRE ATT&CK project uses the attack technique T1592 for this issue.
A public exploit has been developed by Marco Ivaldi and been published 2 years after the advisory. The exploit is available at exploit-db.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 19309 (IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Web Servers and running in the context r.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at ibm.com.
The vulnerability is also documented in the databases at X-Force (21556), Exploit-DB (3302), Tenable (19309), SecurityFocus (BID 14389†) and OSVDB (18462†). Entries connected to this vulnerability are available at VDB-26158 and VDB-35069. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.ibm.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.7VulDB Meta Temp Score: 3.4
VulDB Base Score: 3.7
VulDB Temp Score: 3.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: Marco Ivaldi
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 19309
Nessus Name: IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: DisableStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Patch: ibm.com
Timeline
07/26/2005 🔍07/26/2005 🔍
07/27/2005 🔍
07/27/2005 🔍
07/28/2005 🔍
07/28/2005 🔍
07/28/2005 🔍
08/02/2005 🔍
08/02/2005 🔍
08/03/2005 🔍
08/03/2005 🔍
02/13/2007 🔍
02/13/2007 🔍
07/04/2019 🔍
Sources
Vendor: ibm.comAdvisory: www-1.ibm.com
Researcher: Leandro Meiners
Organization: Cybsec S.A
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2005-2428 (🔍)
GCVE (CVE): GCVE-0-2005-2428
GCVE (VulDB): GCVE-100-1661
X-Force: 21556 - IBM Lotus Domino names.nsf information disclosure, Medium Risk
SecurityFocus: 14389 - IBM Lotus Domino Password Encryption Weakness
Secunia: 16231 - Lotus Domino Webmail Information Disclosure Security Issue, Less Critical
OSVDB: 18462 - IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure
SecurityTracker: 1014584
Vulnerability Center: 8792 - Lotus Domino Server Information Disclosure Vulnerabilities, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 08/02/2005 12:50Updated: 07/04/2019 06:06
Changes: 08/02/2005 12:50 (101), 07/04/2019 06:06 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.