CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0670

HIGH
7.5
CVSS Severity Score
EPSS Score0.1590%
EPSS Percentile21.42th
PublishedJul 23, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.

Affected Platforms (CPE)

πŸ”Œ
Pingtel

Xpressa

= 1.2.5
πŸ”Œ
Pingtel

Xpressa

= 1.2.7.4

References & Advisories

πŸ”— http://www.atstake.com/research/advisories/2002/a071202-1.txt
πŸ”— http://www.iss.net/security_center/static/9565.php
πŸ”— http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
πŸ”— http://www.atstake.com/research/advisories/2002/a071202-1.txt
πŸ”— http://www.iss.net/security_center/static/9565.php
πŸ”— http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp

Related Vulnerabilities

CVE-2002-066710.0

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow r...

CVE-2002-06719.8

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verif...

CVE-2002-06687.5

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the...

CVE-2002-06747.2

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which c...