[VoiceOps] Allworx Security Advisory
J. Oquendo
joquendo at e-fensive.net
Mon May 13 09:26:32 EDT 2013
Unsure why some of these vendors don't join this list. One
of my clients who is an Allworx reseller, passed on the
advisory.
www.infiltrated.net/Allworx_Service_Bulletin_Security_Advisory.pdf
I may (from the security standpoint) switch things up this
year (vendors on this list beware). There are so many
vulnerabilities that have yet to be addressed and although
I am often torn about "disclosure," I WILL GO OUT on a whim
and say Allworx knew this was an issue, and likely brushed
it off as it was not reported.
So back to my "switching things up", to those vendors on
this list, I suggest you go back to your security queues
and get things in order. In these days and times, its darn
right absurd for backdoor accounts, and letting security
issues linger for years.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
More information about the VoiceOps
mailing list