Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability Network Vulnerability

Summary

Asterisk is prone to an information-disclosure vulnerability because it doesn't provide safe responses to failed authentication attempts. Attackers can exploit this issue to discover whether specific usernames exist. Information harvested may aid in launching further attacks.

Solution

The vendor has released an advisory and updates. Please see the references for details.

References

http://downloads.asterisk.org/pub/security/AST-2009-008.html
http://www.asterisk.org/
http://www.securityfocus.com/archive/1/507688
http://www.securityfocus.com/bid/36924

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3727
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Linux)
Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
Avant Browser Address Bar Spoofing Vulnerability
AOLserver Default Password
Adobe Reader Information Disclosure Vulnerability Jun05 (Windows)

Take action and discover your vulnerabilities