Vulnerabilities > Digium > Asterisk > 1.4.42

DATE CVE VULNERABILITY TITLE RISK
2011-12-15 CVE-2011-4597 Information Exposure vulnerability in Digium Asterisk
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
network
low complexity
digium CWE-200
5.0
5.0