• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Alcatel OmniPCX Password File Encrypted Password Access Vulnerability

OmniPCX is an enterprise-level Personal Communications Exchange (PCX) system maintained and distributed by Alcatel.

By default, OmniPCX does not use shadowed passwords. While this is not inherently a vulnerability as OmniPCX systems are not designed for multi-user access, this problem can lead to issues such as local privilege access and elevation when combined with issues such as Bugtraq ID 4127, "Alcatel OmniPCX Default Passwords Vulnerability." If a remote user is able to gain access to the system via some unprivileged account, it is possible for the user to retrieve the encrypted password hashes and launch a brute force crack attack against them offline. This may be a Chorus OS problem, currently maintained by Sun Microsystems.