Secret Backdoors Found in German-made Auerswald VoIP System
2021-12-21 20:19

Multiple backdoors were discovered during a penetration test in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer. They could be abused to gain full administrative access to the devices.

"Two backdoor passwords were found in the firmware of the COMpact 5500R PBX," researchers from RedTeam Pentesting said in a technical analysis published Monday.

"One backdoor password is for the secret user 'Schandelah', the other can be used for the highest-privileged user 'admin.' No way was discovered to disable these backdoors."

RedTeam Pentesting said it uncovered the backdoor after taking a closer look at a service Auerswald provides for customers who lose access to their administrator account, in which the password associated with a privileged account can be reset by reaching out to the manufacturer.

The alternative password, as in the previous case, provides fully privileged access to the PBX without having to change the password in the first place.

"The backdoor passwords are not documented. They secretly coexist with a documented password recovery function supported by the vendor."


News URL

https://thehackernews.com/2021/12/secret-backdoors-found-in-german-made.html