Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability Network Vulnerability

Summary

Asterisk is prone to an information-disclosure vulnerability because it doesn't provide safe responses to failed authentication attempts. Attackers can exploit this issue to discover whether specific usernames exist. Information harvested may aid in launching further attacks.

Solution

The vendor has released an advisory and updates. Please see the references for details.

References

http://downloads.asterisk.org/pub/security/AST-2009-008.html
http://www.asterisk.org/
http://www.securityfocus.com/archive/1/507688
http://www.securityfocus.com/bid/36924

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3727

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
Brother HL-5370DW Printer 'post/panel.html' Security Bypass Vulnerability
Adobe Reader Information Disclosure & Denial of Service Vulnerabilities (Windows)
Apache Tomcat servlet/JSP container default files
Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)

Take action and discover your vulnerabilities