# -----------------------------------# Polycom IP Phone is vulnerable for a data disclosure, the following will explain you how to read the password.. |
# The vulnerabilitu allows an unprivileged attacker to read the sip details including password. |
# The vulnerablities are in: |
# * DATA DISCLOSURE - Password disclosure: http://127.0.0.1/reg_1.htm |
#----------------------------------- |
# Vulnerability Title: Polycom IP Phone Web Interface Data Diclosure Vulnerability |
# Date: 08/06/2011 |
# |
# Website Link: http://www.polycom.com |
# Tested on Version: ALL |
# |
### |
###### NOTE: The Polycom ip phone software is also vulnerability for unauthorized person to access the web interface. |
###### It happen because there is no password thats protects the interface. |
###### Anyway, the default username and password are username "Polycom" and password "456" |
## DATA DISCLOSURE: |
# The data disclosure vulnerability found in the section of 'Lines' -> 'Line 1' of 'Polycom IP Phone' software. |
# The vulnerability allows the attacker to disclosure the password of the username for the phone line that connected. |
# To exploit the vulnerability and discluse the data we need to access to the 'Polycom IP Phone' by this url 'http://address/reg_1.htm'. |
# Then we can see in the source code by the field 'reg.1.auth.password' and then we see the magic! thats is the password for the username by the sip server. |
# Now if we already have the sip server, username and password so we can connect to it with any softphone and make our calls. |
## |
# Yours, 