[asterisk-users] OT How to Change Polycom Web Admin User:Pass via Web

Steve Totaro stotaro at totarotechnologies.com
Wed Mar 5 18:49:23 CST 2008


That stinks.  Terrible design flaw.

It wouldn't be such an issue if the whole Polycom page (or any
indication of device) prior to the authentication.

I bet one could google for Polycom phones and login as Polycom:456.
Not that one could do much more than brick the phone (which is bad
enough).  One could get the proxy or server's IP and username and then
brute force the pass I suppose (that is if the username and pass
aren't the same which is probably the case more often then one would
think).

Thanks,
Steve Totaro

On Wed, Mar 5, 2008 at 4:58 PM, Noah Miller <noahisaacmiller at gmail.com> wrote:
> Hi Steve -
>
>  I could be mistaken, but I think this has to be done physically from
>  the phone.  I don't think you can do this with central provisioning or
>  from the web interface.
>
>
>  - Noah
>
>
>
>
>
>  On Wed, Mar 5, 2008 at 3:20 PM, Steve Totaro
>  <stotaro at totarotechnologies.com> wrote:
>  > I setup a number of remote phones on public IPs using the web
>  >  interface.  Now my question is how do I change the default Polycom:456
>  >  password via the web interface.  Is there a hidden way or does it have
>  >  to be done via FTP TFTP?
>  >
>  >  Thanks,
>  >  Steve Totaro
>  >
>  >  _______________________________________________
>  >  -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>  >
>  >  asterisk-users mailing list
>  >  To UNSUBSCRIBE or update options visit:
>  >    http://lists.digium.com/mailman/listinfo/asterisk-users
>  >
>
>  _______________________________________________
>  -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
>  asterisk-users mailing list
>  To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>



More information about the asterisk-users mailing list