I was thinking about running John the Ripper on a lab box that is affected to try to get the password. Not sure if it will find anything though.
On Mon, Nov 20, 2017 at 11:50 AM, Pete Brown <j...@chykn.com> wrote: > I wonder if there are any existing penetration testing utilities to check > for these conditions on UCOS hosts? > > > If not, challenge accepted. > > ------------------------------ > *From:* cisco-voip <cisco-voip-boun...@puck.nether.net> on behalf of > Brian Meade <bmead...@vt.edu> > *Sent:* Monday, November 20, 2017 10:25 AM > *To:* Anthony Holloway > *Cc:* cisco-voip@puck.nether.net > *Subject:* Re: [cisco-voip] Cisco Voice Operating System-Based Products > Unauthorized Access Vulnerability > > Anyone got some ideas on trying to crack this UCOS password? Should help > us out in scanning our customers to see if they are affected, but we > wouldn't want this password to end up indexed by google and make the issue > even worse. > > On Fri, Nov 17, 2017 at 4:46 PM, Anthony Holloway < > avholloway+cisco-v...@gmail.com> wrote: > > Bwahaha! I just logged in to your CUCM Tim. > > On a serious note, I think it’s interesting how this “flag” issue is such > a big deal, when back in the old days of UCCX, Cisco was creating an > intentional back-door in all installs, using the same username and password > on all of them. > > For the curious, it was : > > Username: CRSAdministrator > Password: NwY.t9g(f'L9[3C > > If you have access to a UCCX 7x or lower, try logging in to Windows with > that account and report back if it worked. > > If it does work, check the MADM logs on the C: for the clear text AXL > username and password, so you can compromise CUCM too! > On Fri, Nov 17, 2017 at 1:46 PM Tim Frazee <tfra...@gmail.com> wrote: > > heads up > > https://tools.cisco.com/security/center/content/CiscoSecurit > yAdvisory/cisco-sa-20171115-vos > <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.cisco.com%2Fsecurity%2Fcenter%2Fcontent%2FCiscoSecurityAdvisory%2Fcisco-sa-20171115-vos&data=02%7C01%7Cjpb%40chykn.com%7Cc6d62618f1394047c79708d530335cb9%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636467919512806356&sdata=IdvnVpdKRKohCUKQSKKh4bKfelSJUiZAdjH11YhCLns%3D&reserved=0> > > > _______________________________________________ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7Cjpb%40chykn.com%7Cc6d62618f1394047c79708d530335cb9%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636467919512806356&sdata=vOKtR8Wsv5fwFmwmyehk7Nn8m7NSLCh4DhqdDBz5Bos%3D&reserved=0> > > > _______________________________________________ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7Cjpb%40chykn.com%7Cc6d62618f1394047c79708d530335cb9%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636467919512806356&sdata=vOKtR8Wsv5fwFmwmyehk7Nn8m7NSLCh4DhqdDBz5Bos%3D&reserved=0> > > >
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip