FreeSWITCH 1.10.6 SIP Digest Leak

Discussion in 'News Aggregator' started by Packet Storm, 26 Oct 2021.

  1. Packet Storm

    Packet Storm Guest

    FreeSWITCH versions 1.10.6 and below suffer from a SIP digest leak vulnerability. An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway.

    Continue reading...
     

Share This Page

Loading...