Meridian Integrated Personal Call Director Password Disclosure

By
Jijith Rajan
Published on
02 Jul 2018

Meridian Integrated Personal Call Director (MIPCD) lets users redirect calls from any person to any mobile phone or landline. MIPCD keeps forwarding a call until someone picks up or all the options are exhausted. It can also be used to set call-forwarding rules for mobile phones and fax machines. MIPCD contained a bug that allows unauthorised password disclosure: through the web interface, a remote attacker can access the login, password and user config files. These files contain the usernames and passwords of all MIPCD users and might also include the credentials of the administrator account. This vulnerability poses a huge risk to the security of the web application.

Impact

The impact includes:

  • Access to unauthorised content
  • Loss of sensitive data.
  • Possible data manipulation.

Mitigation / Precaution

Beagle recommends the following fix:

  • Upgrade MIPCD to the latest version (1.5 or higher).

Written by
Jijith Rajan
Cyber Security Engineer