PT-2002-1696 · Pingtel · Pingtel Xpressa

Published

2002-07-15

Updated

2008-09-05

CVE-2002-0670

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Pingtel xpressa SIP-based voice-over-IP phone versions 1.2.5 through 1.2.7.4

Description The issue concerns the web interface of the Pingtel xpressa SIP-based voice-over-IP phone, which uses Base64 encoded usernames and passwords for HTTP basic authentication. This allows remote attackers to steal and easily decode the passwords via sniffing.

Recommendations For versions 1.2.5 through 1.2.7.4, consider disabling HTTP basic authentication in the web interface until a more secure authentication method is implemented. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the web interface for sensitive operations until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0670

Affected Products

Pingtel Xpressa

PT-2002-1696 · Pingtel · Pingtel Xpressa

CVE-2002-0670

Related Identifiers

Affected Products

References · 4