TippingPoint SMS Server Authentication Bypass VulnerabilityZDI-06-013: May 9th, 2006
This vulnerability may allow attackers to access sensitive information from vulnerable TippingPoint SMS servers.
The specific flaw exists within the web management interface. Due to insufficient protections on specific directories, an attacker with access to the web interface may be able to view benign data such as the user manual. In the event that the device was being used for backup purposes, it may be possible for an attacker to identify additional information such as configuration settings.
Vendor Response3Com TippingPoint states:
This issue has been addressed in TippingPoint SMS Server release version 220.127.116.1178. Customers can obtain the update through the SMS device or by visiting http://tmc.tippingpoint.com
2006-01-19 - Vulnerability reported to vendor
2006-05-09 - Coordinated public release of advisory
CreditThis vulnerability was discovered by: