Create an Account
username: password:
 
  MemeStreams Logo

How to exploit the SIP Digest Leak vulnerability

search

possibly noteworthy
Picture of possibly noteworthy
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

possibly noteworthy's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
  Humor
Current Events
  War on Terrorism
Recreation
Local Information
  Food
Science
Society
  International Relations
  Politics and Law
   Intellectual Property
  Military
Sports
Technology
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
How to exploit the SIP Digest Leak vulnerability
Topic: High Tech Developments 6:09 pm EDT, Apr  2, 2009

The SIP Digest Leak is a vulnerability that affects a large number of SIP Phones, including both hardware and software IP Phones as well as phone adapters (VoIP to analogue). The vulnerability allows leakage of the Digest authentication response, which is computed from the password. An offline password attack is then possible and can recover most passwords based on the challenge response.

By making use of sipdigestleak.py which is included in VOIPPACK, one can automate the process of getting the phone to ring, obtaining a challenge response and performing a brute-force attack. In this tutorial we shall be looking at how this module makes the whole process an easy task.

From the archive:

In this Special Edition, I sat down with Cullen Jennings out at VoiceCon San Francisco in August 2007 to talk about SIP security.

How to exploit the SIP Digest Leak vulnerability



 
 
Powered By Industrial Memetics
RSS2.0