# _ ___________#(_)____ _ __/ __ \/ /_________/ /_/_/ |# / // __ \ | / / / / / //_/ _ \/ __// / / /#/ // / / / |/ / /_/ / ,< /__/ /_/ // / / /# /_//_/ /_/|___/\____/_/|_|\___/\__,_// /_/_/ # Live by the byte |_/_/ ## Members:## Pr0T3cT10n# -=M.o.B.=-# TheLeader# Sro# Debug## Contact: inv0ked.israel@gmail.com## -----------------------------------# Polycom IP Phone is vulnerable for a data disclosure, the following will explain you how to read the password..# The vulnerabilitu allows an unprivileged attacker to read the sip details including password.# The vulnerablities are in:# * DATA DISCLOSURE - Password disclosure: http://127.0.0.1/reg_1.htm#-----------------------------------# Vulnerability Title: Polycom IP Phone Web Interface Data Diclosure Vulnerability# Date: 08/06/2011# Author: Pr0T3cT10n# Website Link: http://www.polycom.com# Tested on Version: ALL# ISRAEL######### NOTE: The Polycom ip phone software is also vulnerability for unauthorized person to access the web interface.###### It happen because there is no password thats protects the interface.###### Anyway, the default username and password are username "Polycom" and password "456"## DATA DISCLOSURE:# The data disclosure vulnerability found in the section of 'Lines' -> 'Line 1' of 'Polycom IP Phone' software.# The vulnerability allows the attacker to disclosure the password of the username for the phone line that connected.# To exploit the vulnerability and discluse the data we need to access to the 'Polycom IP Phone' by this url 'http://address/reg_1.htm'.# Then we can see in the source code by the field 'reg.1.auth.password' and then we see the magic! thats is the password for the username by the sip server.# Now if we already have the sip server, username and password so we can connect to it with any softphone and make our calls.### Yours, Pr0T3cT10n.
