The Hacker News
Roberto Suggi Liverani, founder of the OWASP (Open Web Application Security Project) New Zealand chapter discover a vulnerability in Cisco CallManager AKA Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems.
UPCOMING WEBINAR
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology

Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.

Join Now

He described on his blog "During a security review, I have found a quick way to perform PIN brute force attack against accounts registered with a Cisco Unified Communications Manager (CallManager)."

Researcher target the HTTP GET requests used by CallManager to initiate the login process. :
https://x.x.x.x/ccmpd/pdCheckLogin.do?name=undefined

He Demonstrated the idea with Burp Suite (Penetration testing Framework). He showed the html form parameter used for login as shown below:
https://x.x.x.x/ccmpd/login.do?sid=_sid_value_&userid=_userid_&pin=_PIN_

The sid token is required to perform the PIN brute force attack. So first get a valid sid token value and then you can brute force userid and pin using dictionary attack or Combination attack.

The Hacker NewsOthers can use HYDRA(most powerful bruteforce tool) , which is capable of brute forcing HTTP web requests.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.