Lumension® Endpoint Intelligence Center



Vulnerability Score 5.0
CVE Id CVE-2005-2428
Last Modified 05 Sep 2008 04:51:43
Published 03 Aug 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.

Vulnerable Systems


  • IBM Lotus Domino 5.0

  • IBM Lotus Domino 6.0

  • IBM Lotus Domino 6.5


XF - lotus-domino-names-obtain-information(21556)



SECUNIA - 16231

BID - 14389


OSVDB - 18462

SECTRACK - 1014584

BUGTRAQ - 20050726 CYBSEC - Security Advisory: Default Configuration Information

Last Updated: 27 May 2016 10:40:31