Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 126.96.36.199, 1.6.0.x before 188.8.131.52, and 1.6.1.x before 184.108.40.206; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 220.127.116.11 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
Publish Date : 2009-11-10 Last Update Date : 2009-12-23
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify
a vulnerability or a missing patch. Check out the OVAL definitions
if you want to learn what you should do to verify a vulnerability.