Vulnerabilities > CVE-2009-5139 - USE of Password Hash With Insufficient Computational Effort vulnerability in Google Gizmo5

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE

Summary

The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.

Vulnerable Configurations

Part Description Count
Application
Google
1

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/125965/phonerlite-disclose.txt
idPACKETSTORM:125965
last seen2016-12-05
published2014-03-31
reporterJason Ostrom
sourcehttps://packetstormsecurity.com/files/125965/PhonerLite-2.14-Digest-Information-Leak.html
titlePhonerLite 2.14 Digest Information Leak

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:85923
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-85923
titlePhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure