What is CVE-2005-2428?

CVE-2005-2428 is a vulnerability in N/a. Published 2005-08-03.

Is CVE-2005-2428 known to be exploited?

16 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2005-2428

Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the…

EPSS: 0.736 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

20050726 CYBSEC - Security Advisory: Default Configuration Information (mailing-list, x_refsource_BUGTRAQ)
14389 (vdb-entry, x_refsource_BID)
39495 (exploit, x_refsource_EXPLOIT-DB)
www-1.ibm.com/support/docview.wss (x_refsource_CONFIRM)
1014584 (vdb-entry, x_refsource_SECTRACK)
18462 (x_refsource_OSVDB, vdb-entry)
www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.p… (x_refsource_MISC)
www.securiteam.com/securitynews/5FP0E15GLQ.html (x_refsource_MISC)
16231 (x_refsource_SECUNIA, third-party-advisory)
lotus-domino-names-obtain-information(21556) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2005-2428?: CVE-2005-2428 is a vulnerability in N/a. Published 2005-08-03.
Is CVE-2005-2428 known to be exploited?: 16 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.