• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Pingtel Expressa Admin Account Login Session Timeout Vulnerability

Expressa is the Java-Based Voice-Over-IP phone developed and distributed by Pingtel.

The admin login of Expressa phones does not time out sessions. If an admin logs into the phone via the keypad, the admin will stay logged in to the phone until the admin either selects "ok" or "cancel." As a result, an admin that logs in and forgets to log out leaves the phone admin accessible to any user with physical access to the phone.