From 196b302897f6c627c7175276e0818be1fb979eb5 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Wed, 23 May 2018 11:41:26 -0500 Subject: [PATCH] Land #10084, Mark all versions of telpho10 as vulnerable --- modules/auxiliary/admin/http/telpho10_credential_dump.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/auxiliary/admin/http/telpho10_credential_dump.rb b/modules/auxiliary/admin/http/telpho10_credential_dump.rb index 28d706bb88..024ead7877 100644 --- a/modules/auxiliary/admin/http/telpho10_credential_dump.rb +++ b/modules/auxiliary/admin/http/telpho10_credential_dump.rb @@ -11,11 +11,11 @@ class MetasploitModule < Msf::Auxiliary super(update_info(info, 'Name' => 'Telpho10 Backup Credentials Dumper', 'Description' => %q{ - This module exploits a vulnerability found in Telpho10 telephone system + This module exploits a vulnerability present in all versions of Telpho10 telephone system appliance. This module generates a configuration backup of Telpho10, downloads the file and dumps the credentials for admin login, phpmyadmin, phpldapadmin, etc. - This module has been successfully tested on the appliance. + This module has been successfully tested on the appliance versions 2.6.31 and 2.6.39. }, 'Author' => 'Jan Rude', # Vulnerability Discovery and Metasploit Module 'License' => MSF_LICENSE, @@ -23,7 +23,7 @@ class MetasploitModule < Msf::Auxiliary 'Platform' => 'linux', 'Targets' => [ - ['Telpho10 <= 2.6.31', {}] + ['Telpho10', {}] ], 'Privileged' => false, 'DisclosureDate' => 'Sep 2 2016'))