• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Pingtel Expressa Default Blank Administrator Password Vulnerability

Expressa is the Java-Based Voice-Over-IP phone developed and distributed by Pingtel.

It has been discovered that Pingtel Expressa phones do not require the setting of an administrator password by default. The default password set for Expressa phones is a NULL value, which allows access to administrative functions without authentication whatsoever.