Is this a real attack vector?

In the firewall “extra services” management, the “http provisioning” service has a caption:

It is NOT ADVISED to expose this port to the public internet, as SIP Secrets will be available to a knowledgeable attacker

The tftp section does not say this. I am having a hard time thinking of a way an attacker could get the SIP Secrets from http but not tftp. Can anyone shed some light on this?

No they can get it from both. Open a feature request to have us update the text for tftp and ftp

But they would need to know the mac address of the phone to get that, correct? Or brute force it.


and if brute force is the only known way to get the secrets, then a better feature request IMO is to have fail2ban monitor the tftp and http requests like it does with ssh and sip requests
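To make the suggestion above concrete, here is an added example (not code from this thread, from FreePBX or from fail2ban) of the detection logic a fail2ban jail for HTTP provisioning would need: count failed (404) fetches of per-MAC config files per source IP inside a sliding time window, the way fail2ban's `maxretry`/`findtime` work, and ignore successful fetches, since a real phone asking for its own file gets a 200. The provisioning URL layout (`/provisioning/cfg<MAC>.xml`), the combined-format access log, the log lines themselves and the thresholds are all assumptions made for the illustration.

```python
"""Added example: fail2ban-style detection of MAC guessing against an HTTP
provisioning endpoint. Log format, URL layout and thresholds are assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumed provisioning layout: one config file per phone, named by its MAC.
PROV_RE = re.compile(r'^/provisioning/cfg(?P<mac>[0-9a-fA-F]{12})\.xml$')

# Equivalent failregex for a fail2ban filter.d entry, for the same assumed
# log format. fail2ban substitutes the offending address for <HOST>.
FAIL2BAN_FAILREGEX = (
    r'^<HOST> \S+ \S+ \[[^\]]+\] '
    r'"(GET|HEAD) /provisioning/cfg[0-9a-fA-F]{12}\.xml [^"]*" 404'
)

# Constructed sample log: one host guessing six MACs in under two minutes,
# one real phone fetching its own file, one host with five misses spread
# over two hours, and an unrelated 404 that must not be counted.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:00 +0000] "GET /provisioning/cfg001565000001.xml HTTP/1.1" 404 196
203.0.113.5 - - [10/Oct/2023:13:55:20 +0000] "GET /provisioning/cfg001565000002.xml HTTP/1.1" 404 196
198.51.100.7 - - [10/Oct/2023:13:55:10 +0000] "GET /provisioning/cfg0004f2a1b2c3.xml HTTP/1.1" 200 4211
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /provisioning/cfg001565000003.xml HTTP/1.1" 404 196
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /favicon.ico HTTP/1.1" 404 196
203.0.113.5 - - [10/Oct/2023:13:56:00 +0000] "GET /provisioning/cfg001565000004.xml HTTP/1.1" 404 196
203.0.113.5 - - [10/Oct/2023:13:56:20 +0000] "GET /provisioning/cfg001565000005.xml HTTP/1.1" 404 196
203.0.113.5 - - [10/Oct/2023:13:56:40 +0000] "GET /provisioning/cfg001565000006.xml HTTP/1.1" 404 196
192.0.2.9 - - [10/Oct/2023:12:00:00 +0000] "GET /provisioning/cfg00085d000001.xml HTTP/1.1" 404 196
192.0.2.9 - - [10/Oct/2023:12:30:00 +0000] "GET /provisioning/cfg00085d000002.xml HTTP/1.1" 404 196
192.0.2.9 - - [10/Oct/2023:13:00:00 +0000] "GET /provisioning/cfg00085d000003.xml HTTP/1.1" 404 196
192.0.2.9 - - [10/Oct/2023:13:30:00 +0000] "GET /provisioning/cfg00085d000004.xml HTTP/1.1" 404 196
192.0.2.9 - - [10/Oct/2023:14:00:00 +0000] "GET /provisioning/cfg00085d000005.xml HTTP/1.1" 404 196
"""


def parse_line(line):
    """Return (ip, timestamp, path, status) or None for a non-matching line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])


def find_offenders(lines, maxretry=5, findtime=600):
    """Return {ip: total_failed_fetches} for every source that made at least
    `maxretry` failed provisioning-file fetches within any `findtime`-second
    window. Only 404s on per-MAC config paths count; a 200 means the phone
    (or attacker) already knew a valid MAC, which this filter cannot catch."""
    failures = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, path, status = rec
        if status == 404 and PROV_RE.match(path):
            failures[ip].append(ts)

    offenders = {}
    window = timedelta(seconds=findtime)
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window start until it spans at most findtime seconds.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= maxretry:
                offenders[ip] = len(times)
                break
    return offenders


if __name__ == "__main__":
    for ip, n in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"ban {ip}: {n} failed provisioning fetches")
```

With the defaults (5 misses in 10 minutes) only 203.0.113.5 is flagged; 192.0.2.9's five misses over two hours fall outside the window, which is the usual trade-off between catching a slow scan and banning a phone that has been mis-configured with the wrong MAC. Note that this only sees guesses that miss; whichever transport is used, a correct MAC yields the config (and the SIP secret) with a single request, so the filter limits the rate of guessing rather than removing the exposure.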

Should it be noted that HTTPS isn't secure either? It only provides security in transit. It can be brute-forced just like http and tftp.