[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RPS/APS vulnerability in snom/yealink and others

To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RPS/APS vulnerability in snom/yealink and others
From: "Cal Leeming \[Simplicity Media Ltd\]" <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 23 Oct 2013 23:10:30 +0100

Hello,

Discovered a vulnerability that allows for hundreds of thousands of
SIP accounts to be compromised remotely.

Found a year ago, partial vendor fixes but still vuln as of today,
disclosed a few hours ago exclusively to the FreeSWITCH community -
23rd Oct 2013.

Live disclosure can be seen here;
http://www.youtube.com/watch?v=raXkHi_uGF8

Slides are here;
https://www.dropbox.com/s/hp5fj7e7o1mdnyt/Auto%20provisioning%20sucks.pptx

Cal

Follow-Ups:
- Re: RPS/APS vulnerability in snom/yealink and others
  - From: Cal Leeming [Simplicity Media Ltd]

Prev by Date: ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability
Next by Date: [ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab <= v3.30
Previous by thread: ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability
Next by thread: Re: RPS/APS vulnerability in snom/yealink and others
Index(es):
- Date
- Thread