Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 184.108.40.206, 1.6.0.x before 220.127.116.11, and 1.6.1.x before 18.104.22.168; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 22.214.171.124 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
Publish Date : 2009-11-10 Last Update Date : 2009-12-23
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify
a vulnerability or a missing patch. Check out the OVAL definitions
if you want to learn what you should do to verify a vulnerability.