Authentication Issue in VICIDIAL Dialer Product by VICIDIAL
CVE-2013-7382

Currently unrated

Key Information:

Vendor: Vicidial
Status: Vicidial
Vendor: CVE Published:; 17 May 2014

What is CVE-2013-7382?

The VICIDIAL dialer, also known as the Asterisk GUI client, contains a critical flaw due to a hardcoded password for VDAD and VDCL users. This vulnerability facilitates unauthorized remote access, allowing attackers to gain control over the system without proper authentication. The hardcoded password, 'donotedit', poses an increased risk for organizations relying on this software, making it essential to address this issue immediately to safeguard sensitive data and maintain system security.

References

https://adamcaudill.com/2013/10/23/vicidial-multiple-vuln...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2013/10/23/10

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2013/10/25/1

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 17, 2014

Vicidial

What is CVE-2013-7382?

References

Timeline