Configuration Disclosure: Infrastructure

• Vulnerability:

• • Most hard-phones use FTP or TFTP when booting
  • TFTP is an insecure protocol
  • FTP is an insecure protocol

• Attack:

• • FTP: Sniff the device’s login credentials
  • TFTP: Guess or sniff the filenames
  • Grab the configuration file and firmware from the server
  • Or just sniff the firmware and configuration file from the wire

• Effect:

• • Disclosure of sensitive information such as:
  • • Usernames / Passwords
    • Call Server, Gateway, Registration Server, etc.
    • Available VoIP services