Roberto Suggi Liverani , founder of the OWASP (Open Web Application Security Project) New Zealand chapter discover a vulnerability in Cisco CallManager AKA Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems.

During a security review, I have found a quick way to perform PIN brute force attack against accounts registered with a Cisco Unified Communications Manager (CallManager)." He described on his blog





Researcher target the HTTP GET requests used by CallManager to initiate the login process. :

https://x.x.x.x/ccmpd/pdCheckLogin.do?name=undefined





He Demonstrated the idea with Burp Suite (Penetration testing Framework). He showed the html form parameter used for login as shown below:

https://x.x.x.x/ccmpd/login.do?sid=_sid_value_&userid=_userid_&pin=_PIN_





The sid token is required to perform the PIN brute force attack. So first get a valid sid token value and then you can brute force userid and pin using dictionary attack or Combination attack.



