Internet Telephony Product of the Year

Avaya 4602SW SIP Phone vulnerable to server impersonation

Advisory Number: VIPER-2007-046
Release Date: 2007.06.19
Source: Sipera VIPER Lab
Systems Affected: Avaya 4602 SW IP Phone (Model 4602D02A)
Category: Weak Authentication
Severity: Medium

Overview

Avaya 4602SW IP phone does not enforce server authentication using cnonce parameter during MD5 digest authentication potentially allowing an attacker to impersonate the server

Impact

An active attacker may hijack the call and compromise confidentiality of VoIP communication

Description

Avaya 4602SW can be used as a SIP-based IP phone in conjunction a SIP call server. It supports MD5 digest authentication method to authenticate itself to the server. However, it does not use cnonce parameter in Authorization header of SIP requests which leaves it vulnerable to server impersonation attacks. An active or man-in-the-middle attacker may impersonate the server and hijack communication between the un-suspecting phone and server. Attacker may then be able to listen to confidential conversations.

Solution

Phone SIP stack implementations should be patched enforce server authentication. As a best practice, TLS with mutual authentication should be used.

For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com

UC Security Defined
Sipera Systems, the leader in real-time Unified Communications (UC) security, is the choice of enterprises and service providers around the world to support their mission-critical UC deployments.
Sipera offers groundbreaking, production-proven solutions that secure voice, video, messaging, collaboration, and other real-time communications in converged IP networks, boosting compliance with information security requirements.
Backed by the industry-leading research of the VIPER lab, Sipera's solutions provide comprehensive threat protection, policy enforcement, access control, and encryption in a single flexible appliance.

© Copyright 2010 Sipera Systems, Inc. All rights reserved. Sipera, Sipera UC-Sec and related products, SLiC, Sipera LAVA and Sipera VIPER are trademarks of Sipera Systems, Inc.