← back
CVE-2009-5139

CVE-2009-5139

EPSS 0.4%
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdfhttp://voipsa.org/pipermail/voipsec_voipsa.org/2009-April/002946.html