Published: 12/02/2020 Updated: 14/02/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The PhonerLite phone prior to 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote malicious users to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phoner phonerlite

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 214 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author Discovered by: Jason Ostrom Severity: Medium II Vulnerability Scoring Metrics CVE Reference: CVE-2014-2560 CVS ...

PhonerLite SIP soft phone version 214 is vulnerable to revealing SIP MD5 digest authenticated user credential hash via spoofed SIP INVITE message sent by a malicious 3rd party After responding back to an authentication challenge to the BYE message, PhonerLite leaks the hashed MD5 digest credentials ...

CWE-916 https://seclists.org/bugtraq/2014/Mar/185 https://nvd.nist.gov https://www.exploit-db.com/exploits/32643/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-2560

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect