CVE-2013-7382 - Credentials Management vulnerability in Vicidial 2.7/2.8
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | VICIdial Manager Send OS Command Injection. CVE-2013-4467,CVE-2013-7382. Remote exploit for linux platform |
file | exploits/linux/remote/29513.rb |
id | EDB-ID:29513 |
last seen | 2016-02-03 |
modified | 2013-11-08 |
platform | linux |
port | 80 |
published | 2013-11-08 |
reporter | metasploit |
source | https://www.exploit-db.com/download/29513/ |
title | VICIdial Manager Send OS Command Injection |
type | remote |
References
- http://www.exploit-db.com/exploits/29513
- http://www.openwall.com/lists/oss-security/2013/10/23/10
- http://www.openwall.com/lists/oss-security/2013/10/25/1
- https://adamcaudill.com/2013/10/23/vicidial-multiple-vulnerabilities/