Vulnerabilities > CVE-2009-5139 - Use of Password Hash With Insufficient Computational Effort vulnerability in Google Gizmo5

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

google

CWE-916

NVD

Published: 2020-02-12

Updated: 2020-02-14

Summary

The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.

Vulnerable Configurations

Part	Description	Count
Application	Google Google Gizmo5 -	1

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

Packetstorm

data source	https://packetstormsecurity.com/files/download/125965/phonerlite-disclose.txt
id	PACKETSTORM:125965
last seen	2016-12-05
published	2014-03-31
reporter	Jason Ostrom
source	https://packetstormsecurity.com/files/125965/PhonerLite-2.14-Digest-Information-Leak.html
title	PhonerLite 2.14 Digest Information Leak

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:85923
last seen	2017-11-19
modified	2014-07-01
published	2014-07-01
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-85923
title	PhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

Seebug

References