CVE-2008-3777

Name of the Vulnerable Software and Affected Versions Avaya SIP Enablement Services version 5.0 Avaya Communication Manager version 5.0 on the S8300C with SES enabled

Description The issue allows local users to obtain login credentials by reading the alarm and system logs during failed login attempts, as the SIP Enablement Services (SES) Server writes account names and passwords to these logs.

Recommendations For Avaya SIP Enablement Services version 5.0, consider disabling the logging of account names and passwords to the alarm and system logs to prevent local users from obtaining login credentials. For Avaya Communication Manager version 5.0 on the S8300C with SES enabled, restrict access to the alarm and system logs to minimize the risk of exploitation.