Digium: >> Asterisk >> 1.4.42 Security Vulnerabilities
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
CVSS Score
5.0
EPSS Score
0.007
Published
2011-12-15
Page 2