Vulnerabilities > CVE-2014-2560 - Use of Password Hash With Insufficient Computational Effort vulnerability in Phoner Phonerlite

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
phoner
CWE-916
exploit available
NVD
Published: 2020-02-12
Updated: 2020-02-14

Summary

The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.

Vulnerable Configurations

Part Description Count
Application
Phoner
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionPhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure. CVE-2014-2560. Remote exploit for windows platform
idEDB-ID:32643
last seen2016-02-03
modified2014-04-01
published2014-04-01
reporterJason Ostrom
sourcehttps://www.exploit-db.com/download/32643/
titlePhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/125965/phonerlite-disclose.txt
idPACKETSTORM:125965
last seen2016-12-05
published2014-03-31
reporterJason Ostrom
sourcehttps://packetstormsecurity.com/files/125965/PhonerLite-2.14-Digest-Information-Leak.html
titlePhonerLite 2.14 Digest Information Leak

Seebug

  • bulletinFamilyexploit
    descriptionBugtraq ID:66539 CVE ID:CVE-2014-2560 PhonerLite是一款网络电话应用,可以让您的电脑使用新的互联网电话技术电话(VoIP,IP语音)。 PhonerLite允许恶意第三方伪造SIP INVITE消息,获取目标用户的SIP MD5摘要验证用户验证凭据哈希值。 0 PhonerLite 2.14 PhonerLite 2.15版本已修复该漏洞,建议用户下载使用: http://www.ektron.com/
    idSSV:62015
    last seen2017-11-19
    modified2014-04-01
    published2014-04-01
    reporterRoot
    titlePhonerLite SIP摘要远程信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:85923
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-85923
    titlePhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure

References