Brute Force Attack Can Break PINs of Cisco CallManager Accounts, Researcher Finds

The attack relies on a “sid” token obtained in response to an HTTP GET request

By Eduard Kovacs on October 1st, 2012 15:15 GMT

While reviewing Cisco’s Unified Communications Manager (CallManager), a software-based call-processing system, security researcher Roberto Suggi Liverani has identified a simple way to break the PINs of registered accounts by performing a brute force attack.

“When looking at the phone handset configuration, some URLs are set to allow the handset to retrieve Personal Address Book details or access the Fast Dials. That caught my attention and I immediately pointed my web proxy to those URLs, forgetting about the handset interface,” the expert explained.

The researcher noticed that the handset itself performs simple HTTP GET requests to the CallManager to initiate the login sequence.

The response contains a “sid” token, which is needed to perform the brute force attack. A web proxy such as Burp can then aid in performing it.

The technical details for the attack are available here.