CVE-2008-1390
Published: Mar 24, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| 3764 | third-party-advisory | x_refsource_SREASON |
| 28316 | vdb-entry | x_refsource_BID |
| 20080318 AST-2008-005: HTTP Manager ID is predictable | mailing-list | x_refsource_BUGTRAQ |
| asterisk-httpmanagerid-weak-security(41304) | vdb-entry | x_refsource_XF |
| 29449 | third-party-advisory | x_refsource_SECUNIA |
| http://downloads.digium.com/pub/security/AST-2008-005.html | | x_refsource_CONFIRM |
| FEDORA-2008-2554 | vendor-advisory | x_refsource_FEDORA |
| 1019679 | vdb-entry | x_refsource_SECTRACK |
| FEDORA-2008-2620 | vendor-advisory | x_refsource_FEDORA |
| 29470 | third-party-advisory | x_refsource_SECUNIA |