Weak Password Hashing in Cisco Unified Videoconferencing System
CVE-2010-4302

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Videoconferencing System 5110 Firmware; Unified Videoconferencing System 5115 Firmware; Unified Videoconferencing System 5110; Unified Videoconferencing System 5115
Vendor: CVE Published:; 22 November 2010

Summary

The Cisco Unified Videoconferencing System 5110 and 5115 are susceptible to a vulnerability stemming from the use of a weak hashing algorithm for storing administrative and operator passwords. This design flaw, present under Linux operating systems, allows local users to exploit the weakness and potentially recover cleartext passwords, thereby gaining unauthorized access to sensitive information. This issue emphasizes the critical need for robust password security measures to safeguard against unauthorized data access.

References

http://www.trustmatta.com/advisories/MATTA-2010-001.txt

x_refsource_MISC

http://www.cisco.com/en/US/products/products_security_res...

vendor-advisoryx_refsource_CISCO

http://seclists.org/fulldisclosure/2010/Nov/167

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 22, 2010