Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Fonality Chrome HUDweb插件安全漏洞
Vulnerability Description
Fonality(前称Trixbox pro)是美国Fonality公司的一套集成VoIP和CRM功能的开源电话交换机解决方案。该方案支持语音信箱、多方语音会议和交互式语音应答(IVR)等。 Fonality 12.6版本值14.1i版本的Chrome HUDweb插件中存在安全漏洞,该漏洞源于程序在不同的用户安装中使用相同的Thawte-signed SSL证书和私钥。远程攻击者可借助已知的密钥利用该漏洞破坏加密保护机制。
CVSS Information
N/A
Vulnerability Type
N/A