1.2.7.4

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

pingtel

NVD

Published: 2002-07-23

Updated: 2024-11-20

Summary

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.

Vulnerable Configurations

Part	Description	Count
Hardware	Pingtel Pingtel Xpressa 1.2.7.4 Pingtel Xpressa 1.2.5	2

References

http://www.atstake.com/research/advisories/2002/a071202-1.txt
http://www.atstake.com/research/advisories/2002/a071202-1.txt
http://www.iss.net/security_center/static/9565.php
http://www.iss.net/security_center/static/9565.php
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp