Monday, October 1, 2012

Brute Force Attack Can Break PINs of Cisco CallManager Accounts, Researcher Finds


While reviewing Cisco’s Unified Communications Manager (CallManager), a software-based call-processing system, security researcher Roberto Suggi Liverani found a way to break the PINs of registered accounts by performing a brute force attack.
“When looking at the phone handset configuration, some URLs are set to allow the handset to retrieve Personal Address Book details or access the Fast Dials. That caught my attention and I immediately pointed my web proxy to those URLs, forgetting about the handset interface,” the expert explained.

The researcher noticed that the handset itself simply sends HTTP GET requests to the CallManager to initiate the login sequence.

The response contains a “sid” token which is needed to perform the brute force attack. Because it isn’t possible to perform a userID enumeration, the attack is done with an application such as Burp

The technical details for the attack are available on Roberto Suggi Liverani’s personal blog.
