# _ ____ __ __ ___ # (_)____ _ __/ __ \/ /_____ ____/ / _/_/ | # / // __ \ | / / / / / //_/ _ \/ __ / / / / / # / // / / / |/ / /_/ / ,< / __/ /_/ / / / / / # /_//_/ /_/|___/\____/_/|_|\___/\__,_/ / /_/_/ # Live by the byte |_/_/ # # Members: # # Pr0T3cT10n # -=M.o.B.=- # TheLeader # Sro # Debug # # Contact: inv0ked.israel@gmail.com # # ----------------------------------- # Aastra IP Phone is vulnerable for a data disclosure, the following will explain you how to read the password.. # The vulnerabilitu allows an unprivileged attacker to read the sip details including password. # The vulnerablities are in: # * DATA DISCLOSURE - Password disclosure: http://127.0.0.1/globalSIPsettings.html # * DATA DISCLOSURE - Password disclosure: http://127.0.0.1/SIPsettingsLine1.html #----------------------------------- # Vulnerability Title: Aastra IP Phone Web Interface Data Diclosure Vulnerability # Date: 08/06/2011 # Author: Pr0T3cT10n # Website Link: http://www.aastra.com # Tested on Version: 9480i # ISRAEL ### ###### NOTE: The aastra ip phone software is also vulnerability for unauthorized person to access the web interface. ###### It happen because there is no password thats protects the interface. ## DATA DISCLOSURE: # The data disclosure vulnerability found in the section of 'Global SIP' / 'Line 1' of 'Aastra IP Phone' software. # The vulnerability allows the attacker to disclosure the password of the username for the phone line that connected. # To exploit the vulnerability and dicluse the data we need to access to the 'Aastra IP Phone' by this url 'http://address/globalSIPsettings.html'. # Or to the following address 'http://address/SIPsettingsLine1.html', we have Caller ID, Authentication Name, and Password.. # Then we can see in the source code by the field 'password' and then we see the magic! thats is the password for the username by the sip server. # Now if we already have the sip server, username and password so we can connect to it with any softphone and make our calls. ## # Yours, Pr0T3cT10n..