6 matches found
Hardcoded credentials
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...
CVE-2021-41615
The CVE-2021-41615 entry relates to GoAhead WebServer 2.1.8 (websda.c) having insufficient nonce entropy because nonce calculation uses a hardcoded value (onceuponatimeinparadise) that does not comply with RFC 7616/2617 secret-data guidelines. The vulnerability is documented with a high CVSS v3.1...
Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities
Obihai Technology recently patched vulnerabilities in its ObiPhone IP phones that could have led to memory corruption, buffer overflow, and denial of service conditions, among other outcomes. The California-based company manufactures IP-enabled phones and VOIP telephone adapters it calls OBi...
ObiHai ObiPhone 1032/1062 < 5-0-0-3497 - Multiple Vulnerabilities
Exploit for hardware platform in category dos / poc ObiHai ObiPhone - Multiple Vulnerabilities ------------------------------------------ Introduction ============ Multiple vulnerabilities were discovered in the web management interface of the ObiHai ObiPhone products. The Vulnerabilities were...
ObiHai ObiPhone 10321062 5-0-0-3497 - Multiple Vulnerabilities
ObiHai ObiPhone 10321062 5-0-0-3497 - Multiple Vulnerabilities ObiHai ObiPhone - Multiple Vulnerabilities ------------------------------------------ Introduction ============ Multiple vulnerabilities were discovered in the web management interface of the ObiHai ObiPhone products. The...
ObiHai ObiPhone 1032/1062 < 5-0-0-3497 - Multiple Vulnerabilities
ObiHai ObiPhone - Multiple Vulnerabilities ------------------------------------------ Introduction ============ Multiple vulnerabilities were discovered in the web management interface of the ObiHai ObiPhone products. The Vulnerabilities were discovered during a black box security assessment and...