Vulnerabilities > CVE-2005-0506 - Unspecified vulnerability in Avaya IP Office Phone Manager and IP Soft Phone
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN avaya
exploit available
Summary
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Avaya IP Office Phone Manager Local Password Disclosure Exploit. CVE-2005-0506. Local exploit for windows platform |
| id | EDB-ID:839 |
| last seen | 2016-01-31 |
| modified | 2005-02-24 |
| published | 2005-02-24 |
| reporter | Adrian "pagvac" Pastor |
| source | https://www.exploit-db.com/download/839/ |
| title | Avaya IP Office Phone Manager Local Password Disclosure Exploit |
References
- http://marc.info/?l=bugtraq&m=110909733831694&w=2
- http://marc.info/?l=bugtraq&m=110909733831694&w=2
- http://marc.info/?l=bugtraq&m=110910486128709&w=2
- http://marc.info/?l=bugtraq&m=110910486128709&w=2
- http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf
- http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf