Unrated severityNVD Advisory· Published Aug 3, 2005· Updated Apr 16, 2026

CVE-2005-2428

Description

Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.

Affected products

IBM/Lotus Domino3 versions
cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/16231/nvdVendor Advisory
www-1.ibm.com/support/docview.wssnvdVendor Advisory
www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdfnvdVendor Advisory
marc.infonvd
securitytracker.com/idnvd
www.osvdb.org/18462nvd
www.securiteam.com/securitynews/5FP0E15GLQ.htmlnvd
www.securityfocus.com/bid/14389nvd
exchange.xforce.ibmcloud.com/vulnerabilities/21556nvd
www.exploit-db.com/exploits/39495/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000