Asterisk SIP REGISTER Response Username Enumeration Vulnerability Network Vulnerability

Summary

This host is running Asterisk Server and is prone to username enumeration vulnerability.

Impact

Successful exploitation will allow attacker to obtain valid username that could aid in further attacks. Impact Level: Application

Solution

Please refer below link for updates, http://downloads.asterisk.org/pub/security/AST-2011-011.html

Insight

The problem is that different responses are being sent when using a valid or an invalid username in REGISTER messages. This can be exploited to determine valid usernames by sending specially crafted REGISTER messages.

Affected

Asterisk Business Edition C.3.x Asterisk Open Source Version 1.4.x, 1.6.2.x, 1.8.x

References

http://downloads.asterisk.org/pub/security/AST-2011-011.html
http://osvdb.org/show/osvdb/73257
http://packetstormsecurity.org/files/view/101720
http://secunia.com/advisories/44707

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Tomcat Multiple Vulnerabilities - 01 Mar14
Apache /server-status accessible
Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
Apple Safari Multiple Memory Corruption Vulnerabilities-03 Aug14 (Mac OS X)
Adobe Digital Edition Information Disclosure Vulnerability (Windows)

Take action and discover your vulnerabilities