VULHUB ™

OmniPCX is an enterprise-level Personal Communications Exchange (PCX) system maintained and distributed by Alcatel. By default, OmniPCX does not use shadowed passwords. While this is not inherently a vulnerability as OmniPCX systems are not designed for multi-user access, this problem can lead to issues such as local privilege access and elevation when combined with issues such as Bugtraq ID 4127, "Alcatel OmniPCX Default Passwords Vulnerability." If a remote user is able to gain access to the system via some unprivileged account, it is possible for the user to retrieve the encrypted password hashes and launch a brute force crack attack against them offline. This may be a Chorus OS problem, currently maintained by Sun Microsystems.

OmniPCX is an enterprise-level Personal Communications Exchange (PCX) system maintained and distributed by Alcatel. By default, OmniPCX does not use shadowed passwords. While this is not inherently a vulnerability as OmniPCX systems are not designed for multi-user access, this problem can lead to issues such as local privilege access and elevation when combined with issues such as Bugtraq ID 4127, "Alcatel OmniPCX Default Passwords Vulnerability." If a remote user is able to gain access to the system via some unprivileged account, it is possible for the user to retrieve the encrypted password hashes and launch a brute force crack attack against them offline. This may be a Chorus OS problem, currently maintained by Sun Microsystems.