The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x up to and including 1.4.41.2 and 1.6.2.x up to and including 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote malicious users to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
digium asterisk 1.6.2.16.2 |
||
digium asterisk 1.6.2.6 |
||
digium asterisk 1.6.2.0 |
||
digium asterisk 1.6.2.1 |
||
digium asterisk 1.6.2.17 |
||
digium asterisk 1.6.2.18 |
||
digium asterisk 1.6.2.2 |
||
digium asterisk 1.6.2.3 |
||
digium asterisk 1.6.2.17.3 |
||
digium asterisk 1.6.2.16 |
||
digium asterisk 1.6.2.17.2 |
||
digium asterisk 1.6.2.15 |
||
digium asterisk 1.6.2.5 |
||
digium asterisk 1.6.2.16.1 |
||
digium asterisk 1.6.2.4 |
||
digium asterisk 1.6.2.17.1 |
||
digium asterisk 1.6.2.18.1 |
||
digium asterisk 1.6.2.18.2 |
||
digium asterisk 1.4.29 |
||
digium asterisk 1.4.19 |
||
digium asterisk 1.4.30 |
||
digium asterisk 1.4.2 |
||
digium asterisk 1.4.20.1 |
||
digium asterisk 1.4.21 |
||
digium asterisk 1.4.10.1 |
||
digium asterisk 1.4.10 |
||
digium asterisk 1.4.17 |
||
digium asterisk 1.4.16.2 |
||
digium asterisk 1.4.18 |
||
digium asterisk 1.4.25 |
||
digium asterisk 1.4.26 |
||
digium asterisk 1.4.26.3 |
||
digium asterisk 1.4.22 |
||
digium asterisk 1.4.23 |
||
digium asterisk 1.4.28 |
||
digium asterisk 1.4.20 |
||
digium asterisk 1.4.31 |
||
digium asterisk 1.4.12.1 |
||
digium asterisk 1.4.11 |
||
digium asterisk 1.4.23.1 |
||
digium asterisk 1.4.26.1 |
||
digium asterisk 1.4.0 |
||
digium asterisk 1.4.33.1 |
||
digium asterisk 1.4.33 |
||
digium asterisk 1.4.27 |
||
digium asterisk 1.4.3 |
||
digium asterisk 1.4.38 |
||
digium asterisk 1.4.6 |
||
digium asterisk 1.4.19.2 |
||
digium asterisk 1.4.1 |
||
digium asterisk 1.4.16.1 |
||
digium asterisk 1.4.16 |
||
digium asterisk 1.4.25.1 |
||
digium asterisk 1.4.26.2 |
||
digium asterisk 1.4.23.2 |
||
digium asterisk 1.4.24 |
||
digium asterisk 1.4.34 |
||
digium asterisk 1.4.35 |
||
digium asterisk 1.4.32 |
||
digium asterisk 1.4.5 |
||
digium asterisk 1.4.7.1 |
||
digium asterisk 1.4.36 |
||
digium asterisk 1.4.39 |
||
digium asterisk 1.4.39.2 |
||
digium asterisk 1.4.40 |
||
digium asterisk 1.4.41.2 |
||
digium asterisk 1.4.29.1 |
||
digium asterisk 1.4.19.1 |
||
digium asterisk 1.4.21.1 |
||
digium asterisk 1.4.21.2 |
||
digium asterisk 1.4.15 |
||
digium asterisk 1.4.13 |
||
digium asterisk 1.4.14 |
||
digium asterisk 1.4.22.2 |
||
digium asterisk 1.4.22.1 |
||
digium asterisk 1.4.24.1 |
||
digium asterisk 1.4.8 |
||
digium asterisk 1.4.37 |
||
digium asterisk 1.4.41 |
||
digium asterisk 1.4.41.1 |
||
digium asterisk 1.4.9 |
||
digium asterisk 1.4.40.2 |
||
digium asterisk 1.4.27.1 |
||
digium asterisk 1.4.12 |
||
digium asterisk 1.4.7 |
||
digium asterisk 1.4.39.1 |
||
digium asterisk 1.4.4 |
||
digium asterisk 1.4.40.1 |