Roberto Suggi Liverani, founder of the OWASP (Open Web Application Security Project) New Zealand chapter discover a vulnerability in Cisco CallManager AKA Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems.

He described on his blog "During a security review, I have found a quick way to perform PIN brute force attack against accounts registered with a Cisco Unified Communications Manager (CallManager)."

Researcher target the HTTP GET requests used by CallManager to initiate the login process. : 
https://x.x.x.x/ccmpd/pdCheckLogin.do?name=undefined

He Demonstrated the idea with Burp Suite (Penetration testing Framework). He showed the html form parameter used for login as shown below:
https://x.x.x.x/ccmpd/login.do?sid=_sid_value_&userid=_userid_&pin=_PIN_

The sid token is required to perform the PIN brute force attack. So first get a valid sid token value and then you can brute force userid and pin using dictionary attack or Combination attack.

Others can use HYDRA(most powerful bruteforce tool) , which is capable of brute forcing HTTP web requests.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.