Summary
This host is running Asterisk Server and is prone to username enumeration vulnerability.
Impact
Successful exploitation will allow attacker to obtain valid username that could aid in further attacks.
Impact Level: Application
Solution
Please refer below link for updates,
http://downloads.asterisk.org/pub/security/AST-2011-011.html
Insight
The problem is that different responses are being sent when using a valid or an invalid username in REGISTER messages. This can be exploited to determine valid usernames by sending specially crafted REGISTER messages.
Affected
Asterisk Business Edition C.3.x
Asterisk Open Source Version 1.4.x, 1.6.2.x, 1.8.x
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apache Tomcat Multiple Vulnerabilities - 01 Mar14
- Apache /server-status accessible
- Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
- Apple Safari Multiple Memory Corruption Vulnerabilities-03 Aug14 (Mac OS X)
- Adobe Digital Edition Information Disclosure Vulnerability (Windows)