FreeSWITCH 1.10.6 SIP Digest Leak

Posted by deepcore on October 26, 2021 – 8:51 pm

FreeSWITCH versions 1.10.6 and below suffer from a SIP digest leak vulnerability. An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH’s SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« phpMyAdmin 4.8.1 Remote Code Execution GridPro Request Management For Windows Azure Pack 2.0.7905 Directory Traversal »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

FreeSWITCH 1.10.6 SIP Digest Leak

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL