PT-2008-5136 · Avaya · Avaya Communication Manager+1

Published

2008-08-25

Updated

2017-08-08

CVE-2008-3777

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Avaya SIP Enablement Services version 5.0 Avaya Communication Manager version 5.0 on the S8300C with SES enabled

Description The issue allows local users to obtain login credentials by reading the alarm and system logs during failed login attempts, as the SIP Enablement Services (SES) Server writes account names and passwords to these logs.

Recommendations For Avaya SIP Enablement Services version 5.0, consider disabling the logging of account names and passwords to the alarm and system logs to prevent local users from obtaining login credentials. For Avaya Communication Manager version 5.0 on the S8300C with SES enabled, restrict access to the alarm and system logs to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2008-3777

Affected Products

Avaya Communication Manager

Avaya Sip Enablement Services

PT-2008-5136 · Avaya · Avaya Communication Manager+1

CVE-2008-3777

Weakness Enumeration

Related Identifiers

Affected Products

References · 4