Vulnerability Description
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Ip Office Phone Manager | All versions |
| Avaya | Ip Soft Phone | All versions |
References
- http://marc.info/?l=bugtraq&m=110909733831694&w=2
- http://marc.info/?l=bugtraq&m=110910486128709&w=2
- http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdfVendor Advisory
- http://marc.info/?l=bugtraq&m=110909733831694&w=2
- http://marc.info/?l=bugtraq&m=110910486128709&w=2
- http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdfVendor Advisory
FAQ
What is CVE-2005-0506?
CVE-2005-0506 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames an...
How severe is CVE-2005-0506?
CVE-2005-0506 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0506?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya Ip Office Phone Manager, Avaya Ip Soft Phone.