The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
References
Link | Resource |
---|---|
https://seclists.org/bugtraq/2014/Mar/185 | Mailing List Third Party Advisory |
Configurations
Information
Published : 2020-02-12 06:15
Updated : 2020-02-14 07:30
NVD link : CVE-2014-2560
Mitre link : CVE-2014-2560
JSON object : View
CWE
CWE-916
Use of Password Hash With Insufficient Computational Effort
Products Affected
phoner
- phonerlite