CVE-2009-5139

Sažetak

The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.

Reference

http://voipsa.org/pipermail/voipsec_voipsa.org/2009-April/002946.html
https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdf

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

14-02-2020 - 18:23

Objavljeno

12-02-2020 - 14:15