Skip to main content

Tags default passwords

Sandro Gauci

Sandro Gauci, Enable Security

Jitsi Meet on Docker default passwords - how bad is it, how to detect and fix it

Executive summary (TL;DR) Jitsi Meet on Docker contained default passwords for important users, which could be abused to run administrative XMPP commands, including shutting down the server, changing the administrative password and loading Prosody modules. We also provide instructions on how to check for this issue if you administer a Jitsi Meet server. Background story A few days ago we noticed a tweet by @joernchen mentioning something that sounded familiar, Jitsi.…

Read more »

Another interview with Robert Moore

Published on Sep 26, 2007 in , ,

Information Week published an interview with the notorious VoIP hacker who was charge with fraud last year. The main point that came out of the interview is that the password is the weakest link. He mentions two VoIP vendors - Cisco and MERA and how he felt comfortable with breaking into these systems because of default or easily guessable passwords. In a previous interview we learned that he mainly attacked H323 devices rather than SIP boxes, however the attacks that the attacker pulled off are quite similar to what you can do with SIPVicious tools.…

Read more »

Interview with a VoIP hacker

Published on Aug 3, 2007 in , ,

Telecom Junkies published an interview with Robert Moore, who has been convicted of VoIP hacking / fraud. In the interview, Moore explains that they used easily guessable passwords as well as default ones to get free VoIP service. The VoIP-based attacks targeted H.323 not SIP. Similar attacks to ones described in the interview can be launched on SIP based PBXs by making use of svmap, svwar and svcrack. Moral of the story: audit your PBX now before someone else does ;-)…

Read more »