# _ ___________#(_)____ _ __/ __ \/ /_________/ /_/_/ |# / // __ \ | / / / / / //_/ _ \/ __// / / /#/ // / / / |/ / /_/ / ,< /__/ /_/ // / / /# /_//_/ /_/|___/\____/_/|_|\___/\__,_// /_/_/ # Live by the byte |_/_/ ## Members:## Pr0T3cT10n# -=M.o.B.=-# TheLeader# Sro# Debug## Contact: inv0ked.israel@gmail.com## -----------------------------------# Aastra IP Phone is vulnerable for a data disclosure, the following will explain you how to read the password..# The vulnerabilitu allows an unprivileged attacker to read the sip details including password.# The vulnerablities are in:# * DATA DISCLOSURE - Password disclosure: http://127.0.0.1/globalSIPsettings.html# * DATA DISCLOSURE - Password disclosure: http://127.0.0.1/SIPsettingsLine1.html#-----------------------------------# Vulnerability Title: Aastra IP Phone Web Interface Data Diclosure Vulnerability# Date: 08/06/2011# Author: Pr0T3cT10n# Website Link: http://www.aastra.com# Tested on Version: 9480i# ISRAEL######### NOTE: The aastra ip phone software is also vulnerability for unauthorized person to access the web interface.###### It happen because there is no password thats protects the interface.## DATA DISCLOSURE:# The data disclosure vulnerability found in the section of 'Global SIP' / 'Line 1' of 'Aastra IP Phone' software.# The vulnerability allows the attacker to disclosure the password of the username for the phone line that connected.# To exploit the vulnerability and dicluse the data we need to access to the 'Aastra IP Phone' by this url 'http://address/globalSIPsettings.html'.# Or to the following address 'http://address/SIPsettingsLine1.html', we have Caller ID, Authentication Name,and Password..# Then we can see in the source code by the field 'password' and then we see the magic! thats is the password for the username by the sip server.# Now if we already have the sip server, username and password so we can connect to it with any softphone and make our calls.### Yours, Pr0T3cT10n..
