WARN security issue detected: digest leaked INFO call picked up by 23:09:18] received BYE, challenging that with a 407 To reproduce this issue, we made use of SIPVicious PRO's SIP digest leak tool as follows: However, because many gateways are actually public, this information can easily be retrieved. Instead, what is required for this attack to work is the ability to cause the victim server to send SIP request messages to the malicious party.Īdditionally, to exploit this issue, the attacker needs to specify the correct realm which might in some cases be considered secret. ![]()
0 Comments
Leave a Reply. |