• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

Hi

 

I have just discovered that if you enable the PhoneLock feature then you can easily bypass it without a password!

 

As in my previous post I created the phonelock button:

 

  <efk>
    <version efk.version="2" />
    <efklist
        efk.efklist.1.mname="Lock"
        efk.efklist.1.label="Lock"
        efk.efklist.1.status="1"
        efk.efklist.1.action.string="$FLockPhone$"
      />
    </efk>
  <softkey
     softkey.1.label="Lock"
     softkey.1.action="$FLockPhone$"
     softkey.1.enable="1"
     softkey.1.precede="1"
     softkey.1.use.idle="1"
   />

 

This all works fine however if you press Unlock then just press enter with no credentials the phone unlocks! I have checked the Admin guide however there is no mention of setting a password for the phonelock ie like phoneLock.password="" so as the phone downloads the config and can read the TAG value the password is known by the phone enabling the user to just bypass the security of the lock!

 

Does anyone know how to get around this security flaw or is it just one of those things that may have been overlooked??

 

Many thanks

 

Dave

1 ACCEPTED SOLUTION

Accepted Solutions
HP Recommended

Hi Steffen

 

Sorry please accept my appologies - the device.auth entries were in the sys.cfg file and not the phone%BWDEVICEID%.cfg file so where the system wide tags were blank and the user tags were not it was reading the system tags.....

 

This now all works perfectly!

 

Sorry again - learning all the time! 🙂

 

Best regards

 

Dave

View solution in original post

3 REPLIES 3
HP Recommended

Hello Dave,

 

a good starting point is always to provide the software version where you think you have discovered an issue.

 

I did a quick test running UCS 5.0.0 on a VVX310 and could not use the Enter Softkey to bypass the phone lock.

 

In addition to your follow up question the FAQ contains this post here:

 

Apr 23, 2013 Question: How can I lock my phone?

Resolution: Please check => here <=

 

Please provide more details or raise this via your Polycom reseller and/or Polycom support directly.

 

Best Regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Hi Steffen

 

Sorry UC Software Version 4.1.5.3284 Polycom VVX300

 

I looked at the FAQ however we use tags:

 

  <device device.set="1">

    <device.auth
        device.auth.localAdminPassword.set="1"
        device.auth.localAdminPassword="%ADMIN_PASS%"
        device.auth.localUserPassword.set="1"
        device.auth.localUserPassword="%USER_PASS%"
    />

 

%ADMIN_PASS% = 555

%USER_PASS% = 666

 

Can still bypass the lock screen... Are you able to confirm?

 

 

Many thanks

 

Dave

HP Recommended

Hi Steffen

 

Sorry please accept my appologies - the device.auth entries were in the sys.cfg file and not the phone%BWDEVICEID%.cfg file so where the system wide tags were blank and the user tags were not it was reading the system tags.....

 

This now all works perfectly!

 

Sorry again - learning all the time! 🙂

 

Best regards

 

Dave

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.