Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability Network Vulnerability

Summary

Asterisk is prone to an information-disclosure vulnerability because it doesn't provide safe responses to failed authentication attempts. Attackers can exploit this issue to discover whether specific usernames exist. Information harvested may aid in launching further attacks.

Solution

The vendor has released an advisory and updates. Please see the references for details.

References

http://downloads.asterisk.org/pub/security/AST-2009-008.html
http://www.asterisk.org/
http://www.securityfocus.com/archive/1/507688
http://www.securityfocus.com/bid/36924

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3727

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe Digital Edition Information Disclosure Vulnerability (Mac OS X)
Apple iTunes Tutorials Window Security Bypass Vulnerability (Mac OS X)
Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)
Adobe Reader Multiple Vulnerabilities - Aug07 (Mac OS X)
Apache Tomcat Multiple Vulnerabilities-01 (Nov14)

Take action and discover your vulnerabilities