lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20050307063401.77481.qmail@smasher.org>
Date: Mon, 7 Mar 2005 01:35:33 -0500 (EST)
From: Atom Smasher <atom@...sher.org>
To: BugTraq@...urityfocus.com
Subject: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

after unsuccessfully attempting to find contact information of anyone who 
can address or correct this, here's a public disclosure.

Vulnerability Name
   Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability

Overview
   the UTStarcom iAN-02EX is a VoIP ATA currently being used by Lingo (and 
other VoIP providers?). this advisory is specific to the configuration of 
the iAN-02EX device as currently shipped by Lingo, and may or may not 
apply to other configurations of the device. the default configuration 
leaves the ATA vulnerable to unauthorized remote access.

Description
   using the default password, a remote attacker may access the device via 
the WAN port. this problem is compounded by Lingo's recommendation that 
the device should be placed between a broadband modem and router 
("recommended method"). this configuration makes the ATA's WAN port 
accessible from the public internet.

Impact
   an attacker may cause a denial of service for voice and/or data traffic. 
an attacker may gain access to a customers speed-dial list and modify that 
list (this may be particularly dangerous if the attacker is a scorned 
ex-lover or overzealous admirer). an attacker may gain gain access to 
other areas of the LAN behind the ATA (by specifying it as a DMZ or port 
forwarding). an attacker may change the default password (the ATA doesn't 
appear to have a customer accessible hardware reset, which could compound 
a password problem). an attacker may cause other havoc for the VoIP 
customer.

Solution
   this vulnerability can be mitigated by not allowing login access via 
WAN. at the very least this feature should be disabled by default. ideally 
access via the WAN port should require that the default password is 
changed.

References
   http://www.utstar.com/Solutions/CPE/VoIP_CPE/
   http://www.utstar.com/Solutions/Document_Library/CPE/docs/SS_UTiAN02EX.pdf
   http://www.lingosupport.com/
   http://www.lingosupport.com/install_multi_01.html


- -- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"Your password must be at least 18770 characters and
 	 cannot repeat any of your previous 30689 passwords.
 	 Please type a different password. Type a password
 	 that meets these requirements in both text boxes."
 		-- Microsoft takes security seriously in
 		Knowledge Base Article Q276304.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJCK/Y8AAoJEAx/d+cTpVcieigH/2tclaF4CvkvQfgdOt3emrcT
XZK2a3K3gx9p1Cdy5pbXYSN+oh9EvV+LadYljASxl0IV1Kn32OZQMLJbfRTjJHf5
XaU4HIFS2n8Q/+HSVfOQCCOb1RAulD7Hpgj+/omh9kS4dHQdHJ3jBwQe9NCqF8M4
DG/H5uzB3SFuzDQemYuZOh5qnqNxUsI5TiTXAzww31tuR240sABiwGDB8eurEub3
+FWXcj9ytWMGdbk+Jq+J4MR1dDzv+pcK7cSQHUiEKtUJp0XrfyMJpgxMGxPFHWX9
T+8qM1lJw+7DNsSih6TY0OGRygVZezPpgPKZY0dDJpRvw651McQi+klWCeQU30c=
=VsqM
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ