N/A

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.

N/A

N/A

Digium Asterisk SIP注册响应用户枚举漏洞

Asterisk是开放源码的软件PBX，支持各种VoIP协议和设备。 Asterisk Open Source 1.2.35之前的1.2.x版本，1.4.26.3之前的1.4.x版本，1.6.0.17之前的1.6.0.x版本，以及1.6.1.9之前的1.6.1.x版本；Business Edition A.x.x，B.2.5.12之前的B.x.x版本，C.2.4.5之前的C.2.x.x版本，C.3.2.2之前的C.3.x.x版本；AsteriskNOW 1.5，1.3.0.5之前的s800i 1.3.x版

N/A

N/A