exploitDog

CVE-2005-2696

Опубликовано: 26 авг. 2005

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.

Ссылки

http://marc.info/?l=bugtraq&m=112456040418543&w=2
http://www.venera.com/downloads/Lotus_password_disclosures.pdf
Exploit
Vendor Advisory
http://marc.info/?l=bugtraq&m=112456040418543&w=2
http://www.venera.com/downloads/Lotus_password_disclosures.pdf
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00189

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-f255-6gww-8gch

github

почти 4 года назад

IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.

EPSS

Процентиль: 41%

0.00189

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other