5 matches found
IBM Lotus Domino R8 - Password Hash Extraction
IBM Lotus Domino R8 - Password Hash Extraction Exploit Title: IBM Lotus Domino = R8 Password Hash Extraction Exploit Google Dork: inurl:names.nsf?opendatabase Date: 02-24-2016 Exploit Author: Jonathan Broche Contact: https://twitter.com/g0jhonny Vendor Homepage:...
IBM Lotus Domino R8 - Password Hash Extraction
Exploit Title: IBM Lotus Domino = R8 Password Hash Extraction Exploit Google Dork: inurl:names.nsf?opendatabase Date: 02-24-2016 Exploit Author: Jonathan Broche Contact: https://twitter.com/g0jhonny Vendor Homepage: https://www-01.ibm.com/software/lotus/category/messaging/ Tested on: Lotus Domino...
Design/Logic Flaw
IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428...
DSquare Exploit Pack: D2SEC_LOTUS_HASH
Name| d2seclotushash ---|--- CVE| CVE-2005-2428 Exploit Pack| D2ExploitPack Description| D2SEC Lotushash Notes|...
CVE-2005-2428
Lotus Domino R5/R6 WebMail with Generate HTML for all fields enabled can reveal sensitive data via names.nsf hidden fields. The connected nuclei template documents information disclosure: password hashes in HTTPPassword, password-change date in HTTPPasswordChangeDate, and client release in ClntBl...