AudioCodes Plugs AD Password Leak in Mediant SBCs

The release of AudioCodes SBC firmware 7.20A.100 fixes an issue where the Active Directory passwords of your SBC administrators might be inadvertently written to the syslog.

This issue is isolated to the AD / LDAP Authentication feature, where the SBC will let you authenticate to its web console using your Active Directory credentials. It passes those to AD and queries your group membership. If you’re in the right AD group, you’re allowed the appropriate level of access to the SBC.

The leak only occurs if you have LDAPDEBUGMODE set to 3 (the highest level) in the SBC’s AdminPage.

Here’s a capture of the syslog from an affected device, logging Gilligan’s AD password:

[Screenshot: syslog capture from the affected SBC]

The issue has been seen in releases up to 7.20A.002 and reproduced on the Mediant 800 and Virtual Edition.

It is fixed in 7.20A.100.

Until you can upgrade, check your SBCs are not logging at LDAPDEBUGMODE of 3. Only values of 0, 1 or 2 are safe. Alternatively, disable AD-based authentication altogether until you’re on the upgraded release.

You can check the current setting by browsing to the SBC’s “AdminPage” (http://<SBC IP/Hostname>/AdminPage) and selecting “ini Parameters” from the menu on the left-hand side. Enter the “Parameter Name” of LDAPDEBUGMODE and click Apply New Value to be shown the current setting. To change it, enter 0, 1 or 2 in the “Enter Value:” field and click Apply New Value again:

[Screenshot: AdminPage showing the LDAPDEBUGMODE parameter]
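If you manage more than a handful of SBCs, checking the AdminPage by hand does not scale. The script below is an added example (not AudioCodes' code and not from the original post) that takes an exported ini file plus the running firmware version and reports whether the device is exposed: it flags LDAPDEBUGMODE = 3 on any firmware older than 7.20A.100. The “Parameter = Value” ini layout and the shape of the version string (major.minor + letter + build) are assumptions based on the values quoted in the post; the sample ini content is constructed.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample of an exported SBC ini file. The "Name = Value" layout
# is an assumption about the AudioCodes ini format, not taken from the post.
SAMPLE_INI = """\
[SYSTEM Params]
SyslogServerIP = 10.0.0.5
EnableSyslog = 1
LDAPDEBUGMODE = 3
"""

SAFE_LDAPDEBUGMODE = {0, 1, 2}   # per the advisory, only 3 leaks passwords
FIXED_VERSION = "7.20A.100"      # first release with the fix

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)([A-Z]?)\.(\d+)$")


def parse_ini(text: str) -> Dict[str, str]:
    """Parse 'Name = Value' lines into a dict keyed by upper-cased name.
    Section headers ([...]) and ';' comments are skipped."""
    params: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip().upper()] = value.strip()
    return params


def parse_version(version: str) -> Tuple[int, int, str, int]:
    """Split e.g. '7.20A.100' into (7, 20, 'A', 100) so versions compare
    as tuples. The string shape is assumed from the versions in the post."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, letter, build = m.groups()
    return int(major), int(minor), letter, int(build)


def is_fixed_firmware(version: str) -> bool:
    """True when the firmware is 7.20A.100 or later."""
    return parse_version(version) >= parse_version(FIXED_VERSION)


def ldap_debug_mode(params: Dict[str, str]) -> Optional[int]:
    """Return LDAPDEBUGMODE as an int, or None if absent/non-numeric
    (the default is not stated in the post, so absence is 'unknown')."""
    raw = params.get("LDAPDEBUGMODE")
    return int(raw) if raw is not None and raw.isdigit() else None


def assess(ini_text: str, firmware_version: str) -> Dict[str, object]:
    """Combine the two conditions from the advisory: password leakage
    needs both an unfixed firmware and LDAPDEBUGMODE outside {0, 1, 2}."""
    mode = ldap_debug_mode(parse_ini(ini_text))
    fixed = is_fixed_firmware(firmware_version)
    leaks = (not fixed) and mode is not None and mode not in SAFE_LDAPDEBUGMODE
    return {
        "firmware": firmware_version,
        "firmware_fixed": fixed,
        "ldapdebugmode": mode,
        "leaks_passwords": leaks,
        "action": (
            "none" if fixed
            else "set LDAPDEBUGMODE to 0, 1 or 2 (or disable AD auth) until upgraded"
            if leaks
            else "confirm LDAPDEBUGMODE is 0, 1 or 2; plan upgrade to 7.20A.100"
        ),
    }


if __name__ == "__main__":
    for ver in ("7.20A.002", "7.20A.100"):
        print(assess(SAMPLE_INI, ver))
```

Feed it the ini exported from each SBC (the file downloaded via the web console) together with the version shown on the device; a missing LDAPDEBUGMODE line is reported as unknown rather than assumed safe, since the post does not state the default.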


– G.
