<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">
<p>If you have an affected lab box, any chance you could package up few files and send them over off list?</p>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> bmeade90@gmail.com <bmeade90@gmail.com> on behalf of Brian Meade <bmeade90@vt.edu><br>
<b>Sent:</b> Monday, November 20, 2017 11:48 AM<br>
<b>To:</b> Pete Brown<br>
<b>Cc:</b> Anthony Holloway; cisco-voip@puck.nether.net<br>
<b>Subject:</b> Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability</font>
<div> </div>
</div>
<div>
<div dir="ltr">I was thinking about running John the Ripper on a lab box that is affected to try to get the password. Not sure if it will find anything though.</div>
<div class="x_gmail_extra"><br>
<div class="x_gmail_quote">On Mon, Nov 20, 2017 at 11:50 AM, Pete Brown <span dir="ltr">
<<a href="mailto:jpb@chykn.com" target="_blank">jpb@chykn.com</a>></span> wrote:<br>
<blockquote class="x_gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
<div dir="ltr">
<div id="x_m_-3859678869142093581divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Helvetica,sans-serif">
<p>I wonder if there are any existing penetration testing utilities to check for these conditions on UCOS hosts?</p>
<p><br>
</p>
<p>If not, challenge accepted.</p>
<div><br>
</div>
<div style="color:rgb(0,0,0)">
<hr style="display:inline-block; width:98%">
<div id="x_m_-3859678869142093581divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.<wbr>nether.net</a>>
on behalf of Brian Meade <<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>><br>
<b>Sent:</b> Monday, November 20, 2017 10:25 AM<br>
<b>To:</b> Anthony Holloway<br>
<b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability</font>
<div> </div>
</div>
<div>
<div class="x_h5">
<div>
<div dir="ltr">Anyone got some ideas on trying to crack this UCOS password? Should help us out in scanning our customers to see if they are affected, but we wouldn't want this password to end up indexed by google and make the issue even worse.</div>
<div class="x_m_-3859678869142093581x_gmail_extra"><br>
<div class="x_m_-3859678869142093581x_gmail_quote">On Fri, Nov 17, 2017 at 4:46 PM, Anthony Holloway
<span dir="ltr"><<a href="mailto:avholloway+cisco-voip@gmail.com" target="_blank">avholloway+cisco-voip@gmail.<wbr>com</a>></span> wrote:<br>
<blockquote class="x_m_-3859678869142093581x_gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
Bwahaha! I just logged in to your CUCM Tim. <br>
<br>
On a serious note, I think it’s interesting how this “flag” issue is such a big deal, when back in the old days of UCCX, Cisco was creating an intentional back-door in all installs, using the same username and password on all of them.
<br>
<br>
For the curious, it was :<br>
<br>
Username: CRSAdministrator<br>
Password: NwY.t9g(f'L9[3C<br>
<br>
If you have access to a UCCX 7x or lower, try logging in to Windows with that account and report back if it worked.
<br>
<br>
If it does work, check the MADM logs on the C: for the clear text AXL username and password, so you can compromise CUCM too!<br>
<div class="x_m_-3859678869142093581x_gmail_quote">
<div dir="ltr">On Fri, Nov 17, 2017 at 1:46 PM Tim Frazee <<a href="mailto:tfrazee@gmail.com" target="_blank">tfrazee@gmail.com</a>> wrote:<br>
</div>
<blockquote class="x_m_-3859678869142093581x_gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
<div dir="ltr">heads up
<div><br>
</div>
<div><a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.cisco.com%2Fsecurity%2Fcenter%2Fcontent%2FCiscoSecurityAdvisory%2Fcisco-sa-20171115-vos&data=02%7C01%7Cjpb%40chykn.com%7Cc6d62618f1394047c79708d530335cb9%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636467919512806356&sdata=IdvnVpdKRKohCUKQSKKh4bKfelSJUiZAdjH11YhCLns%3D&reserved=0" target="_blank">https://tools.cisco.com/securi<wbr>ty/center/content/CiscoSecurit<wbr>yAdvisory/cisco-sa-20171115-<wbr>vos</a><br clear="all">
<div><br>
</div>
<br>
</div>
</div>
______________________________<wbr>_________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7Cjpb%40chykn.com%7Cc6d62618f1394047c79708d530335cb9%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636467919512806356&sdata=vOKtR8Wsv5fwFmwmyehk7Nn8m7NSLCh4DhqdDBz5Bos%3D&reserved=0" rel="noreferrer" target="_blank">https://puck.nether.net/mailma<wbr>n/listinfo/cisco-voip</a><br>
</blockquote>
</div>
<br>
______________________________<wbr>_________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7Cjpb%40chykn.com%7Cc6d62618f1394047c79708d530335cb9%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636467919512806356&sdata=vOKtR8Wsv5fwFmwmyehk7Nn8m7NSLCh4DhqdDBz5Bos%3D&reserved=0" rel="noreferrer" target="_blank">https://puck.nether.net/mailma<wbr>n/listinfo/cisco-voip</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</body>
</html>