CVE-2009-5140 - Improper Restriction of Excessive Authentication Attempts vulnerability in Linksys Spa2102 Firmware

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE

Summary

The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.

Vulnerable Configurations

Part      Description  Count
OS        Linksys      1
Hardware  Linksys      1

Packetstorm

data source: https://packetstormsecurity.com/files/download/125965/phonerlite-disclose.txt
id: PACKETSTORM:125965
last seen: 2016-12-05
published: 2014-03-31
reporter: Jason Ostrom
source: https://packetstormsecurity.com/files/125965/PhonerLite-2.14-Digest-Information-Leak.html
title: PhonerLite 2.14 Digest Information Leak

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:85923
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-85923
title: PhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure