Description
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.
Product(s):
- Avaya IP Office Phone Manager
- Avaya IP Soft Phone
- Avaya IP Softphone
- Avaya IP Softphone 5.2
- Avaya IP Softphone 5.2 SP2
- Avaya IP Softphone 6.01.85
- Avaya IP Softphone 6.0
- Avaya IP Softphone 6.0 SP4
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-0506, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-0506 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.