CVE-2005-2428 Scanner
Detects 'Information Disclosure' vulnerability in BM Lotus Domino affects v. 5.0, 6.0, 6.5.0.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Time Interval
672 sec
Scan only one
Url
Toolbox
-
IBM Lotus Domino is a platform used for enterprise email, messaging, and collaboration purposes. It includes a directory database, names.nsf, which is used as a Public Address Book. The directory database provides a way to look up users and their contact information, including email addresses and phone numbers. The platform is widely used in large organizations and companies across the world.
The CVE-2005-2428 vulnerability is a critical flaw detected in the names.nsf directory database. The vulnerability allows a remote attacker to access sensitive information, including usernames, password hashes, client's platform, machine name, and Lotus Domino release information. A remote attacker can exploit this vulnerability by viewing the HTML source code. Since the directory database is readable by default, it can easily be accessed by any remote attacker.
Exploiting this vulnerability can lead to serious data breaches in large organizations. Attackers can extract sensitive information and use it for malicious purposes, including stealing intellectual property, gaining unauthorized access to corporate systems, or launching targeted attacks against specific individuals or groups in the organization.
s4e.io is an online platform that provides information about cybersecurity vulnerabilities and risks. Thanks to the pro features of the s4e.io platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets, assess their risk levels, and take appropriate actions to mitigate them. With this platform, readers can protect their organizations against various digital threats and stay ahead of potential cybersecurity attacks.
REFERENCES
- marc.info: 20050726 CYBSEC - Security Advisory: Default Configuration Information
- securityfocus.com: 14389
- exploit-db.com: 39495
- http://www-1.ibm.com/support/docview.wss?uid=swg21212934
- securitytracker.com: 1014584
- osvdb.org: 18462
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
- http://www.securiteam.com/securitynews/5FP0E15GLQ.html
- secunia.com: 16231
- exchange.xforce.ibmcloud.com: lotus-domino-names-obtain-information(21556)