CVE-Veröffentlichung des Jahres
CVE-2010-3279 (unauthenticated maintenance access) und CVE-2010-3280 (user credentials disclosure) zur CCAgent Option der Alcatel-Lucent „OmniTouch Contact Center Standard Edition”:
A tool called „Tsa_Maintainance.exe” that ships with the product, can be used to view the debugging functions and status of the call center without any authentication. This way every call center agent can monitor the entire call-center, co-workers, can trace lines, deregister lines, etc…Und fefe ergänzt:
Further investigation showed that there is authentication available but it is implemented in the wrong way. In a normal setup, the client is sending the credentials to the server for verification. The ALCATEL WAY of user authentication is that the client verifies if authentication was successful. The call center agent server is sending the administrative password to the client in order to enable the client to decide to go on to the administrative functions or not. Therefore it is trivial to patch the client software to pass the authentication.
…
The password for the „SuperUser” is sent from the TSA server to the client in cleartext …
Ein Detail, was in dem Advisory nicht erwähnt wurde: das SuperUser-Passwort ist identisch mit dem root-Passwort von dem Linux auf der darunterliegenden Telefonanlage.
Unpackbar. Was habt Ihr für die CallCenter/Telefonanlage von Alcatel-Lucent nochmal bezahlt?
Tagged as: alcatel-lucent, linux, security, sicherheit, telefonanlage | Author: Martin Leyrer
[Dienstag, 20100921, 14:47 | permanent link | 1 Kommentar(e)
Priceless!
Comments are closed for this story.