Back to search
CVE-2007-6430
Published: Dec 20, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
28149
third-party-advisory
x_refsource_SECUNIA
29782
third-party-advisory
x_refsource_SECUNIA
GLSA-200804-13
vendor-advisory
x_refsource_GENTOO
29242
third-party-advisory
x_refsource_SECUNIA
20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored
mailing-list
x_refsource_BUGTRAQ
SUSE-SR:2008:005
vendor-advisory
x_refsource_SUSE
ADV-2007-4260
vdb-entry
x_refsource_VUPEN
DSA-1525
vendor-advisory
x_refsource_DEBIAN
3467
third-party-advisory
x_refsource_SREASON
39519
vdb-entry
x_refsource_OSVDB
1019110
vdb-entry
x_refsource_SECTRACK
asterisk-registration-security-bypass(39124)
vdb-entry
x_refsource_XF
29456
third-party-advisory
x_refsource_SECUNIA
26928
vdb-entry
x_refsource_BID
http://downloads.digium.com/pub/security/AST-2007-027.html
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now