Vulnerability Details CVE-2005-0506
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=110909733831694&w=2
- http://marc.info/?l=bugtraq&m=110910486128709&w=2
- http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf
- http://marc.info/?l=bugtraq&m=110909733831694&w=2
- http://marc.info/?l=bugtraq&m=110910486128709&w=2
- http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf
Products affected by CVE-2005-0506
-
cpe:2.3:a:avaya:ip_office_phone_manager:-
-
cpe:2.3:a:avaya:ip_soft_phone:-
-
cpe:2.3:a:avaya:ip_soft_phone:5.2
-
cpe:2.3:a:avaya:ip_soft_phone:6.0
-
cpe:2.3:a:avaya:ip_soft_phone:6.01.85