Username Enumeration Vulnerability in Asterisk SIP over UDP Implementation
CVE-2011-4597 · MEDIUM Severity
AV:N/AC:L/Au:N/C:P/I:N/A:N
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.