all InfoSec news
VU#383864: Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS
Feb. 24, 2022, 7:51 p.m. |
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS. An attacker with the ability to read SMS messages can obtain VVM IMAP credentials and gain access to VVM data.
Description
VVM is specified by Open Mobile Terminal Platform-OMPT and is implemented with SMS and IMAP (and other protocols). VVM IMAP credentials are sent unencrypted in SMS messages. From vvm-disclosure:
When a client sends any sort of STATUS SMS (activate, deactivate, status), the carrier will respond with all …
More from kb.cert.org / CERT Recently Published Vulnerability Notes
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
3 weeks, 1 day ago |
kb.cert.org
VU#446598: GPU kernel implementations susceptible to memory leak
3 months, 1 week ago |
kb.cert.org
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Security Compliance Architect - Experian Health (Can be REMOTE from anywhere in the US)
@ Experian | ., ., United States
IT Security Specialist
@ Ørsted | Kuala Lumpur, MY
Senior, Cyber Security Analyst
@ Peloton | New York City
Cyber Security Engineer | Perimeter | Firewall
@ Garmin Cluj | Cluj-Napoca, Cluj County, Romania
Pentester / Ethical Hacker Web/API - Vast/Freelance
@ Resillion | Brussels, Belgium