POC32 Unauthorized Telnet Access Vulnerability

POC32 is a program designed to decode POCSAG pager messages captured via scanning the pager frequencies. These encoded messages are then transferred to the computer via audible signal, and decoded and displayed by the POC32 software.

POC32 allows remote usage via TCP/IP. There is an option to turn this feature off, however even with it disabled it is still possible to telnet to the POC32 port. The software will allow multiple attempts, so the password is susceptible to brute-force attacks. A successful connection would allow an attacker to view decoded pager messages.

The default port is 8000 and the default password is 'password'.


Privacy Statement
Copyright 2010, SecurityFocus