|
|
|
 |
Vulnerability Note VU#742115Avaya Argent Office uses weak authentication for TFTP-based administrative controlOverviewThe Avaya Argent Office contains a weak authentication mechanism for administrative access.I. DescriptionThe Avaya Argent Office uses a TFTP-based mechanism to accept requests for administrative functions. By requesting "files" from the device via its internal interface, administrators can trigger functions such as restarting the device. This mechanism does require a password, but the algorithm used to encrypt the password is both predictable and reversible. Therefore, an attacker who can listen to traffic on the same network segment as the device's administrative interface can easily obtain the password and either reuse it or reverse it for use elsewhere.II. ImpactThis vulnerability allows attackers on the same shared network segment to perform unauthorized administrative functions.III. SolutionThe CERT/CC is currently unaware of a practical solution to this problem.Systems Affected
References
This vulnerability was reported to the Bugtraq mailing list on 08/07/2001 by Jacek Lipkowski. This document was written by Jeffrey P. Lanza.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader