Base64 Encoded Credentials Vulnerability in Pingtel xpressa SIP-based Voice-over-IP Phone

Base64 Encoded Credentials Vulnerability in Pingtel xpressa SIP-based Voice-over-IP Phone

CVE-2002-0670 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.

Learn more about our Web App Pen Testing.