Condorlab

Android OS Session Fixation

Advisory ID RSN-UT-0026 Vulnerability Information Some networks allow a user to attempt to establish multiple SIP sessions simultaneously rather than restricting a user to a single voice session, which may lead to denial of service attac...

Android OS Improper Authentication

Advisory ID RSN-UT-0025 Vulnerability Information Some networks do not properly authenticate every SIP message, allowing spoofing of phone numbers. Impact When an actor claims to have a given identity, the software does not pro...

Android OS Improper Access Control

Advisory ID RSN-UT-0024 Vulnerability Information Access control involves the use of several protection mechanisms such as authentication (proving the identity of an actor) authorization (ensuring that a given actor can access a resource...

ZoIPer Call-Info Denial of service

Advisory ID RSN-UT-0020 Vulnerability Information ZoIPer is vulnerable to a denial of service, caused by an error when processing SIP INVITE messages. By sending a specially-crafted SIP INVITE message with an empty Call-Info header, a re...

KPhone Local information disclosure

Advisory ID RSN-UT-0022 Vulnerability Information kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. Impact Allows local read usernames and SIP passwor...