|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
Several products of T-Mobile and Verizon Northwest contains a flaw that may allow a remote attacker to bypass authentication settings. The issue is due to the implicit trust of Caller-IDs (CID) as the sole authentication mechanism. By spoofing the target number and calling the target, the voice mailbox would go into administation mode without verifying any authentication if the call stays unanswered. It is possible for a remote attacker to arbitrarily access the targets voicemail message center resulting in a loss of integrity and/or confidentiality.
|
|
Classification |
Location:
Dialup Access Required
Attack Type:
Authentication Management,
Hijacking,
Information Disclosure
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
|
|
Products |
|
Unspecified
 |
Unknown or Unspecified |
|
Unspecified
|
Unknown or Unspecified |
|
|
|
|
Credit |
- Samy Kamkar - Dachb0den Research Labs
- Lance James - Secure Science Corporation
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
