
Test ID:1.3.6.1.4.1.25623.1.0.104022
Category:Nmap NSE net
Title:Nmap NSE net: domino-enum-users
Summary:Attempts to discover valid IBM Lotus Domino users and download their ID files by exploiting the CVE-2006-5835 vulnerability.
Description:
Summary:
Attempts to discover valid IBM Lotus Domino users and download their ID files by exploiting the
CVE-2006-5835 vulnerability.

SYNTAX:

userdb: The filename of an alternate username database.

domino-id.username: the name of the user whose ID file is to be retrieved.
If this parameter is not specified, the unpwdb library will be used to
brute force names of users.

For more information see the references.

Credits
-------
o Ollie Whitehouse for bringing this to my attention back in the days when
it was first discovered and for the C code on which this is based.

passdb: The filename of an alternate password database.

unpwdb.passlimit: The maximum number of passwords
'passwords' will return (default unlimited).

domino-id.path: the location in which any retrieved ID files are stored.

unpwdb.userlimit: The maximum number of usernames
'usernames' will return (default unlimited).

unpwdb.timelimit: The maximum amount of time that any iterator will run
before stopping. The value is in seconds by default and you can follow it
with 'ms', 's', 'm', or 'h' for
milliseconds, seconds, minutes, or hours. For example,
'unpwdb.timelimit=30m' or 'unpwdb.timelimit=.5h' for
30 minutes. The default depends on the timing template level (see the module
description). Use the value '0' to disable the time limit.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: BugTraq ID: 20960
Common Vulnerability Exposure (CVE) ID: CVE-2006-5835
http://www.securityfocus.com/bid/20960
http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf
http://securitytracker.com/id?1017203
http://secunia.com/advisories/22741
http://www.vupen.com/english/advisories/2006/4411
XForce ISS Database: lotusnotes-nrpc-information-disclosure(30118)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30118
Copyright: Copyright (C) 2011 NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.