PT-2007-6735 · Globe7 · Globe7 Soft Phone Client

Published

2007-10-31

Updated

2008-11-15

CVE-2007-5768

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Globe7 soft phone client version 7.3

Description The issue allows remote attackers to obtain sensitive information by sniffing the HTTP traffic, as the Globe7 soft phone client sends username and password information in cleartext.

Recommendations For Globe7 soft phone client version 7.3, consider using a secure connection to encrypt the data in transit, such as HTTPS, to prevent sensitive information from being intercepted. As a temporary workaround, restrict access to the network to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2007-5768

Affected Products

Globe7 Soft Phone Client

PT-2007-6735 · Globe7 · Globe7 Soft Phone Client

CVE-2007-5768

Weakness Enumeration

Related Identifiers

Affected Products

References · 3