# _ ____ __ __ ___ # (_)____ _ __/ __ \/ /_____ ____/ / _/_/ | # / // __ \ | / / / / / //_/ _ \/ __ / / / / / # / // / / / |/ / /_/ / ,< / __/ /_/ / / / / / # /_//_/ /_/|___/\____/_/|_|\___/\__,_/ / /_/_/ # Live by the byte |_/_/ # # Members: # # Pr0T3cT10n # -=M.o.B.=- # TheLeader # Sro # Debug # # Contact: inv0ked.israel@gmail.com # # ----------------------------------- # Polycom IP Phone is vulnerable for a data disclosure, the following will explain you how to read the password.. # The vulnerabilitu allows an unprivileged attacker to read the sip details including password. # The vulnerablities are in: # * DATA DISCLOSURE - Password disclosure: http://127.0.0.1/reg_1.htm #----------------------------------- # Vulnerability Title: Polycom IP Phone Web Interface Data Diclosure Vulnerability # Date: 08/06/2011 # Author: Pr0T3cT10n # Website Link: http://www.polycom.com # Tested on Version: ALL # ISRAEL ### ###### NOTE: The Polycom ip phone software is also vulnerability for unauthorized person to access the web interface. ###### It happen because there is no password thats protects the interface. ###### Anyway, the default username and password are username "Polycom" and password "456" ## DATA DISCLOSURE: # The data disclosure vulnerability found in the section of 'Lines' -> 'Line 1' of 'Polycom IP Phone' software. # The vulnerability allows the attacker to disclosure the password of the username for the phone line that connected. # To exploit the vulnerability and discluse the data we need to access to the 'Polycom IP Phone' by this url 'http://address/reg_1.htm'. # Then we can see in the source code by the field 'reg.1.auth.password' and then we see the magic! thats is the password for the username by the sip server. # Now if we already have the sip server, username and password so we can connect to it with any softphone and make our calls. ## # Yours, Pr0T3cT10n.