CVE-2002-0670

Name of the Vulnerable Software and Affected Versions Pingtel xpressa SIP-based voice-over-IP phone versions 1.2.5 through 1.2.7.4

Description The issue concerns the web interface of the Pingtel xpressa SIP-based voice-over-IP phone, which uses Base64 encoded usernames and passwords for HTTP basic authentication. This allows remote attackers to steal and easily decode the passwords via sniffing.

Recommendations For versions 1.2.5 through 1.2.7.4, consider disabling HTTP basic authentication in the web interface until a more secure authentication method is implemented. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the web interface for sensitive operations until the issue is resolved.