Two attacks against VoIP
Peter Thermos

"We are more secure than a regular phone line."

Two attacks against VoIP 2006-04-06
Tobias Glemser (3 replies)
Re: Two attacks against VoIP 2006-04-06
Author (2 replies)
Re: Re: Two attacks against VoIP 2006-04-12
Tobias Glemser
Re: Re: Two attacks against VoIP 2006-04-16
Anonymous
Re: Two attacks against VoIP 2006-04-06
Anonymous (1 replies)
"E.g. a standard Asterisk SIP-Proxy will always reply with a "SIP/2.0 401 Unauthorized", also submitting a digest and a realm value. The client then has to authenticate using a response value which is normally an MD5 hash consisting of Username, Password, nonce, HTTP Request Method and Request URI."

None of this seems to have any entropy. Which means it's vulnerable to replay attacks, just as the article states.

Link to this comment: http://www.securityfocus.com/comments/infocus/1862/512#512
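
The digest exchange described in the quoted passage, as an added example that is not part of the original comment or article: it computes the response per RFC 2617 without qop (the scheme SIP reuses) and checks a previously accepted response against a server that does or does not retire used nonces. The `Registrar` class, the user, password, realm and URI are constructed for illustration.

```python
import hashlib
import secrets

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(username, realm, password, nonce, method, uri):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class Registrar:
    """Hypothetical server side: issues nonces in 401 challenges, verifies responses."""
    def __init__(self, realm, users, single_use_nonces=True):
        self.realm, self.users = realm, users
        self.single_use = single_use_nonces
        self.outstanding = set()          # nonces issued and still acceptable

    def challenge(self):
        nonce = secrets.token_hex(16)     # fresh random value per challenge
        self.outstanding.add(nonce)
        return nonce

    def verify(self, username, nonce, method, uri, response):
        if nonce not in self.outstanding or username not in self.users:
            return False
        expected = digest_response(username, self.realm, self.users[username],
                                   nonce, method, uri)
        ok = secrets.compare_digest(expected, response)
        if ok and self.single_use:
            self.outstanding.discard(nonce)   # retire the nonce after one use
        return ok

def demo(single_use_nonces):
    """Returns (first attempt, same response again, same response vs. new nonce)."""
    srv = Registrar("asterisk", {"alice": "constructed-password"}, single_use_nonces)
    uri = "sip:pbx.example.invalid"       # constructed request URI
    nonce = srv.challenge()
    resp = digest_response("alice", "asterisk", "constructed-password",
                           nonce, "REGISTER", uri)
    first = srv.verify("alice", nonce, "REGISTER", uri, resp)
    again = srv.verify("alice", nonce, "REGISTER", uri, resp)
    fresh = srv.verify("alice", srv.challenge(), "REGISTER", uri, resp)
    return first, again, fresh
```

With nonce retirement enabled the second and third checks both fail; with it disabled, the same response is accepted again for as long as its nonce stays outstanding, which is the server-side setting to audit.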
Re: Re: Two attacks against VoIP 2006-04-12
Tobias Glemser
Re: Two attacks against VoIP 2006-04-07
Roger (1 replies)
Re: Re: Two attacks against VoIP 2006-09-25
VoIP_Hacker
Two attacks against VoIP 2006-04-06
Greg (1 replies)
Re: Two attacks against VoIP 2006-10-24
Wireless_VOIP
Two attacks against VoIP 2006-04-07
Peter Thermos
Two attacks against VoIP 2006-04-10
Anonymous
Two attacks against VoIP 2006-04-11
MidNet
Two attacks against VoIP 2006-11-09
Anonymous
Copyright 2007, SecurityFocus