7.8 - VU#576996

Executive Summary

Summary
Title	NuPoint Messenger server transmits authentication credentials in plain text

Informations
Name	VU#576996	First vendor Publication	2009-05-06
Vendor	VU-CERT	Last vendor Modification	2009-05-06
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#576996

NuPoint Messenger server transmits authentication credentials in plain text

Overview

NuPoint Messenger is a unified communications product that connects to a Microsoft Exchange server. When communicating with the mail server the NuPoint Messenger server transmits Exchange usernames and passwords in cleartext.

I. Description

The NuPoint Messenger server can connect to a Microsoft Exchange server via the IMAP or MAPI protocols. During the authentication process, the NuPoint server will send user domain authentication credentials in cleartext to the Exchange server. Older versions of the NuPoint Messenger product may transmit the NuPoint server's root password without encryption instead of individual usernames and passwords. Administrators are encouraged review the "NuPoint communication with MS Exchange" document for more information.

II. Impact

An attacker with access to network data may be able to obtain domain (Exchange) usernames and passwords.

III. Solution

There is no solution to this issue. Administrators are encourgaed to review the below workarounds to mitigate the impact of this vulnerability.

Encrypt connections between NuPoint and Exchange Servers

If the MAPI protocol is enabled, connections from the NuPoint server will be encrypted.
Using IPSec or some other VPN technology to encrypt the connection between the NuPoint and Exchange server will mitigate this vulnerability.

Restrict access

The NuPoint Messenger server should not use IMAP to connect to remote Exchange servers. If IMAP is enabled, the NuPoint server should be directly connected to the same isolated network as the Exchange server that it is communicating with.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Mitel Networks, Inc.	Vulnerable	2009-04-30	2009-05-05

References

http://www.mitel.com/resources/NuPoint_and_Exchange.pdf
http://en.wikipedia.org/w/index.php?title=Messaging_Application_Programming_Interface&oldid=276195526

Credit

Simon Laurin of Simon Laurin Services-Conseils inc. reported this issue and provided valuable feedback. Mitel provided technical information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public:	2008-12-04
Date First Published:	2009-05-06
Date Last Updated:	2009-05-06
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	1.80
Document Revision:	23

Original Source

Url : http://www.kb.cert.org/vuls/id/576996

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-310	Cryptographic Issues

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mitel Mitel Nupoint Messenger cpe:2.3:a:mitel:mitel_nupoint_messenger:r3:::::::* cpe:2.3:a:mitel:mitel_nupoint_messenger:r11:::::::*	2

Open Source Vulnerability Database (OSVDB)

Id	Description
54681	NuPoint Messenger Server Cleartext Credentials Disclosure

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	2
osvdb(s)	1

	Related
7.8	CVE-2008-6797
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)