RPS/APS vulnerability in snom/yealink and others

From: Cal Leeming [Simplicity Media Ltd] <cal.leeming@simplicitymedialtd.co.uk>
To: bugtraq <bugtraq@securityfocus.com>
Cc:
Subject: RPS/APS vulnerability in snom/yealink and others
Date:


Hello,

Discovered a vulnerability that allows for hundreds of thousands of
SIP accounts to be compromised remotely.

Found a year ago, partial vendor fixes but still vuln as of today,
disclosed a few hours ago exclusively to the FreeSWITCH community -
23rd Oct 2013.

Live disclosure can be seen here;
http://www.youtube.com/watch?v=raXkHi_uGF8

Slides are here;
https://www.dropbox.com/s/hp5fj7e7o1mdnyt/Auto%20provisioning%20sucks.pptx

Cal





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.