Vulnerabilities > CVE-2005-0506 - Remote Security vulnerability in Avaya IP Office Phone Manager and IP Soft Phone

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
avaya
exploit available

Summary

The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.

Vulnerable Configurations

Part Description Count
Application
Avaya
2

Exploit-Db

descriptionAvaya IP Office Phone Manager Local Password Disclosure Exploit. CVE-2005-0506. Local exploit for windows platform
idEDB-ID:839
last seen2016-01-31
modified2005-02-24
published2005-02-24
reporterAdrian "pagvac" Pastor
sourcehttps://www.exploit-db.com/download/839/
titleAvaya IP Office Phone Manager Local Password Disclosure Exploit