Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-11-10T18:00:00

Updated: 2024-08-07T06:38:30.134Z

Reserved: 2009-10-16T00:00:00

Link: CVE-2009-3727

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-11-10T18:30:00.250

Modified: 2024-11-21T01:08:03.907

Link: CVE-2009-3727

cve-icon Redhat

Severity : Moderate

Publid Date: 2009-11-04T00:00:00Z

Links: CVE-2009-3727 - Bugzilla