The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 up to and including 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote malicious users to steal and easily decode the passwords via sniffing.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pingtel xpressa 1.2.5 |
||
pingtel xpressa 1.2.7.4 |