Menu

Database

Hitachi IP5000 802.11 VOIP Phone Uses a Hard-coded Password

WVE ID: WVE-2006-0010

Type: Vulnerability

Status: Candidate

Classification:
Authentication Management

Description:
The Hitachi IP5000 802.11 VOIP phone uses a hard-coded password to protect it from being configured by unauthorized parties.

Discussion:
The Hitachi IP5000 802.11 VOIP phone provides a means to configure it by using the keypad on the handset. In order to limit access to this functionality a hard-coded password of "0000" is used.

After gaining physical access it is possible for an attacker to reconfigure the phone or obtain information a user has stored in the phone such as their personal contacts.

Credits
Author: Shawn Merdinger (shawnmer@gmail.com) : None

References
URL: http://www.hitachi-cable.co.jp/ICSFiles/infosystem/security/76659792_e.pdf
URL: http://seclists.org/lists/fulldisclosure/2005/Nov/0543.html
URL: http://www.wirelessip5000.com/

Released: 2005-11-16

Submitter
Andrew Lockhart (alockhart@networkchemistry.com) : Network Chemistry

Submitted: Mon Jan 30 16:07:12 -0800 2006

Candidate Date: Wed Feb 01 10:23:04 -0800 2006


Recent Entries

TKIP Replay and Plaintext Discovery
WVE-2008-0013 11/18/2008
Active Https Cookie Hijacking
WVE-2008-0012 9/18/2008
Auto Immune Attack
WVE-2008-0011 9/17/2008
Marvell Null SSID Association Request
WVE-2008-0010 9/15/2008
Marvell EAPOL-Key Length Overflow
WVE-2008-0009 9/15/2008
Atheros IE Tag Overflow
WVE-2008-0008 9/15/2008
Weaknesses in the A5/1 Cipher
WVE-2008-0007 4/9/2008
Block ACK DoS
WVE-2008-0006 4/9/2008
GF Mode WIDS Rogue AP Evasion
WVE-2008-0005 4/9/2008
HT Intolerant Degradation of Service
WVE-2008-0004 4/9/2008
More Entries...

News

SANS Institute Sponsors WVE
4/19/2008
Wireless Attackers and Honeypot Technology
4/15/2008
High Speed Risks in 802.11n Slides Posted
4/11/2008
Vulnerabilities in 802.11n
4/9/2008
WVE Editors Speaking at SHARKFEST.08
1/3/2008
More News...