Lucene search

[email protected]CVE-2005-2696

HistoryAug 26, 2005 - 3:50 p.m.

CVE-2005-2696

2005-08-2615:50:00

[email protected]

web.nvd.nist.gov

ibm

lotus notes

password hashes

nab

remote attackers

sensitive information

cve-2005-2696

vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.2%

JSON

IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) “PasswordDigest” and “HTTPPassword” fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.

Affected configurations

NVD

Node

ibmlotus_notes

CPENameOperatorVersion
ibm:lotus_notesibm lotus noteseq*

CPE	Name	Operator	Version
ibm:lotus_notes	ibm lotus notes	eq	*

References

marc.info/?l=bugtraq&m=112456040418543&w=2

www.venera.com/downloads/Lotus_password_disclosures.pdf

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.2%

JSON

Related for CVE-2005-2696

nvd4 packetstorm1 seebug3 cvelist4 cve3 nuclei1 exploitpack2 securityvulns1 exploitdb2 prion2 zdt1 d21 nessus1