CVE-2002-0769 Information

Description

The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte which allows the attackers to (1) obtain the password from the login screen or (2) reconfigure the adaptor by modifying certain request parameters.

Reference

http://archives.neohapsis.com/archives/bugtraq/2002-05/0083.html http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml http://www.iss.net/security_center/static/9056.php http://www.iss.net/security_center/static/9057.php http://www.securityfocus.com/bid/4711 http://www.securityfocus.com/bid/4712