CVE-2005-2428

EPSS 8.61% · P92 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2005-2428

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

IBM Lotus Domino WebMail信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

IBM Lotus Domino WebMail是IBM消息传递解决方案组件，提供基本的基于浏览器的Lotus Domino电子邮件访问。 Lotus Domino处理储存用户口令的过程存在问题，可能造成信息用户口令信息泄露。默认下Lotus Domino的主目录数据库names.nsf是所有用户都可读的，因此，所有用户都可以浏览人员项。在非特权用户浏览人员项时，"Internet Password"字段是空的，表示用户不能浏览口令哈希。但是，如果编辑了Web页面的话(在Internet Explore

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2005-2428

#	POC Description	Source Link	Shenlong Link
1	IBM Lotus Domino <= R8 Password Hash Extraction Exploit	https://github.com/schwankner/CVE-2005-2428-IBM-Lotus-Domino-R8-Password-Hash-Extraction-Exploit	POC Details
2	A simple workflow that runs all Lotus Domino related nuclei templates on a given target.	https://github.com/projectdiscovery/nuclei-templates/blob/main/workflows/lotus-domino-workflow.yaml	POC Details
3	Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2005/CVE-2005-2428.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2005-2428

请登录查看更多情报信息。

http://www-1.ibm.com/support/docview.wss?uid=swg21212934x_refsource_CONFIRM
http://www.securiteam.com/securitynews/5FP0E15GLQ.htmlx_refsource_MISC
http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdfx_refsource_MISC
http://www.osvdb.org/18462vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/14389vdb-entryx_refsource_BID
http://secunia.com/advisories/16231/third-party-advisoryx_refsource_SECUNIA
https://www.exploit-db.com/exploits/39495/exploitx_refsource_EXPLOIT-DB
http://securitytracker.com/id?1014584vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/21556vdb-entryx_refsource_XF
http://marc.info/?l=bugtraq&m=112240869130356&w=2mailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2005-2428

Same Patch Batch · n/a · 2005-08-03 · 41 CVEs total

CVE-2005-2441		VBZooM Forum 多个跨站脚本注入漏洞
CVE-2005-2432		PHPList Admin Page SQL注入漏洞
CVE-2005-2433		PhpList 多个敏感信息泄露漏洞
CVE-2005-2434		Linksys WRT54G无线路由器默认SSL证书和私钥漏洞
CVE-2005-2435		Website Baker 'Browse.PHP' 跨站脚本漏洞
CVE-2005-2436		Website Baker Project 'browse.php' 敏感性息泄露漏洞
CVE-2005-2437		Website Baker 任意文件上传漏洞
CVE-2005-2438		UseBB 跨站脚本漏洞
CVE-2005-2439		UseBB 跨站脚本执行及SQL注入漏洞
CVE-2005-2440		Thomson Web Skill Vantage Manager 'login.asp'SQL注入漏洞
CVE-2005-2431		Gforge 信息泄露漏洞
CVE-2005-2442		SPI Dynamics WebInspect 跨应用程序脚本注入漏洞
CVE-2005-2443		Kshout 'settings.dat'敏感信息泄露漏洞
CVE-2005-2444		Trillian Pro 敏感信息泄露漏洞
CVE-2005-2445		Early Impact ProductCart 'viewPrd.asp'SQL注入漏洞
CVE-2005-2448		EKG libgadu 多个远程整数溢出漏洞
CVE-2005-2449		Gentoo Sandbox 多个不安全临时文件创建漏洞
CVE-2005-2450		ClamAV 多个整数溢出漏洞
CVE-2005-2451		Cisco IOS 任意代码执行漏洞
CVE-2005-2452		LibTiff Tiff图像标头除零拒绝服务漏洞

Showing top 20 of 41 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2005-2428

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2005-2428

I. Basic Information for CVE-2005-2428

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2005-2428

III. Intelligence Information for CVE-2005-2428

Same Patch Batch · n/a · 2005-08-03 · 41 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2005-2428

Leave a comment