AudioCodes Mediant Session Border Controller Weak Password Encryption Vulnerability

A vulnerability exists in AudioCodes Mediant Session Border Controllers (SBCs) prior to version 7.40A.501.841, due to inadequate password obfuscation that allows for decryption of passwords from configuration exports. This issue was identified by reverse engineering the main application binary, which revealed that the encryption relied on simple XOR operations with a dynamically generated, password-based key.

Impact

Exploitation of this vulnerability allows for the decryption of passwords, potentially leading to unauthorized access or manipulation of the SBC's configuration.

Reproduction

The vulnerability can be reproduced by accessing an affected SBC's configuration export (INI file) and using a Python script to decrypt the passwords. The script must be executed with the encrypted password as an argument, and it will return the decrypted password.

Remediation

Users are advised to update to version 7.40A.501.841 and to set a unique encryption key.