Back to search
CVE-2009-0041
Published: Jan 14, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
GLSA-200905-01
vendor-advisory
x_refsource_GENTOO
20090108 AST-2009-001: Information leak in IAX2 authentication
mailing-list
x_refsource_BUGTRAQ
33453
third-party-advisory
x_refsource_SECUNIA
4910
third-party-advisory
x_refsource_SREASON
33174
vdb-entry
x_refsource_BID
37677
third-party-advisory
x_refsource_SECUNIA
DSA-1952
vendor-advisory
x_refsource_DEBIAN
1021549
vdb-entry
x_refsource_SECTRACK
http://downloads.digium.com/pub/security/AST-2009-001.html
x_refsource_CONFIRM
ADV-2009-0063
vdb-entry
x_refsource_VUPEN
34982
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now