CVE-2005-0506

Avaya IP Office Phone Manager - Info Disclosure

Title source: llm

Description

The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Adrian _pagvac_ Pastor · c++localwindows

https://www.exploit-db.com/exploits/839

View Code ZIP pw:eip

References (3)

[Mailing List] http://marc.info/?l=bugtraq&m=110909733831694&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=110910486128709&w=2

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf

Scores

EPSS 0.0378

EPSS Percentile 88.1%

Details

Status published

Products (2)

avaya/ip_office_phone_manager

avaya/ip_soft_phone

Published Mar 14, 2005

Tracked Since Feb 18, 2026