CVE-2010-4302

Name of the Vulnerable Software and Affected Versions Cisco Unified Videoconferencing (UVC) System versions 5110 and 5115

Description The issue concerns the use of a weak hashing algorithm for administrator and operator passwords in the Cisco Unified Videoconferencing (UVC) System when the Linux operating system is used. This weakness makes it easier for local users to obtain sensitive information by recovering the cleartext values of the passwords.

Recommendations For Cisco Unified Videoconferencing (UVC) System versions 5110 and 5115, consider changing the administrator and operator passwords to strong, unique values and avoid using the Mcu.val file for password storage until a stronger hashing algorithm is implemented. As a temporary workaround, restrict local access to the system to minimize the risk of exploitation.