Username Enumeration Vulnerability in Asterisk SIP over UDP Implementation

CVE-2011-4597 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
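A triage check for the affected ranges listed above, as an added example that is not part of the advisory or of Asterisk itself. The function names, status strings and sample banners are assumptions constructed for illustration; only the version boundaries come from the text.

```python
import re

# First fixed release per branch, exactly as stated in the advisory text.
FIXED = {
    (1, 4): (1, 4, 43),
    (1, 6): (1, 6, 2, 21),
    (1, 8): (1, 8, 7, 2),
}

# Dotted version, optionally followed by a pre-release tag such as "-rc1".
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)([-~+.]?(?:rc|beta|alpha)\d*)?", re.I)


def parse_version(banner):
    """Return ((major, minor, ...), is_prerelease) or None if no version found."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), bool(m.group(2))


def cve_2011_4597_status(banner):
    """Classify a version banner (hypothetical inventory input).

    Returns "affected", "fixed", "not-listed" (branch not named in the
    advisory) or "unknown" (no version parsed). The result reflects upstream
    numbering only; distribution packages may carry backported fixes.
    """
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"
    nums, prerelease = parsed
    fixed = FIXED.get(nums[:2])
    if fixed is None:
        return "not-listed"
    # Pad to equal length so 1.8.10 compares correctly against 1.8.7.2.
    width = max(len(nums), len(fixed))
    a = nums + (0,) * (width - len(nums))
    b = fixed + (0,) * (width - len(fixed))
    # A release candidate of the fixed version still predates the fix release.
    if a < b or (a == b and prerelease):
        return "affected"
    return "fixed"
```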