CVE-2009-0041
NONE EPSS 84.2%
Published Jan 14, 2009 (17y ago) · Last Modified Jun 16, 2026 (2w ago)
Description
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Threat Intelligence
EPSS Exploit Probability
84.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)
Affected Products 150
| Vendor | Product | Version | Range |
|---|---|---|---|
| asterisk | asterisk_business_edition | * | ≤b.2.5.2 |
| asterisk | asterisk_business_edition | * | ≤c.1.0 |
| asterisk | asterisk_business_edition | a | any |
| asterisk | asterisk_business_edition | b.1.3.2 | any |
| asterisk | asterisk_business_edition | b.1.3.3 | any |
| asterisk | asterisk_business_edition | b.2.2.0 | any |
| asterisk | asterisk_business_edition | b.2.2.1 | any |
| asterisk | asterisk_business_edition | b.2.3.1 | any |
| asterisk | asterisk_business_edition | b.2.3.2 | any |
| asterisk | asterisk_business_edition | b.2.3.3 | any |
| asterisk | asterisk_business_edition | b.2.3.4 | any |
| asterisk | asterisk_business_edition | b.2.3.5 | any |
| asterisk | asterisk_business_edition | b.2.3.6 | any |
| asterisk | asterisk_business_edition | b.2.5.0 | any |
| asterisk | asterisk_business_edition | b.2.5.1 | any |
| asterisk | asterisk_business_edition | b.2.5.3 | any |
| asterisk | asterisk_business_edition | c.1.0 | any |
| asterisk | open_source | * | ≤1.2.30.4 |
| asterisk | open_source | * | ≤1.4.23 |
| asterisk | open_source | * | ≤1.6.0.3 |
| asterisk | open_source | 1.2.0 | any |
| asterisk | open_source | 1.2.0 | any |
| asterisk | open_source | 1.2.0 | any |
| asterisk | open_source | 1.2.0 | any |
| asterisk | open_source | 1.2.0 | any |
| asterisk | open_source | 1.2.0beta1 | any |
| asterisk | open_source | 1.2.0beta2 | any |
| asterisk | open_source | 1.2.1 | any |
| asterisk | open_source | 1.2.2 | any |
| asterisk | open_source | 1.2.2 | any |
| asterisk | open_source | 1.2.3 | any |
| asterisk | open_source | 1.2.3 | any |
| asterisk | open_source | 1.2.10 | any |
| asterisk | open_source | 1.2.10 | any |
| asterisk | open_source | 1.2.11 | any |
| asterisk | open_source | 1.2.11 | any |
| asterisk | open_source | 1.2.12 | any |
| asterisk | open_source | 1.2.12 | any |
| asterisk | open_source | 1.2.12.1 | any |
| asterisk | open_source | 1.2.12.1 | any |
| asterisk | open_source | 1.2.13 | any |
| asterisk | open_source | 1.2.13 | any |
| asterisk | open_source | 1.2.14 | any |
| asterisk | open_source | 1.2.14 | any |
| asterisk | open_source | 1.2.15 | any |
| asterisk | open_source | 1.2.15 | any |
| asterisk | open_source | 1.2.16 | any |
| asterisk | open_source | 1.2.16 | any |
| asterisk | open_source | 1.2.17 | any |
| asterisk | open_source | 1.2.17 | any |
| asterisk | open_source | 1.2.18 | any |
| asterisk | open_source | 1.2.18 | any |
| asterisk | open_source | 1.2.19 | any |
| asterisk | open_source | 1.2.19 | any |
| asterisk | open_source | 1.2.20 | any |
| asterisk | open_source | 1.2.20 | any |
| asterisk | open_source | 1.2.21 | any |
| asterisk | open_source | 1.2.21 | any |
| asterisk | open_source | 1.2.21.1 | any |
| asterisk | open_source | 1.2.21.1 | any |
| asterisk | open_source | 1.2.22 | any |
| asterisk | open_source | 1.2.22 | any |
| asterisk | open_source | 1.2.23 | any |
| asterisk | open_source | 1.2.23 | any |
| asterisk | open_source | 1.2.24 | any |
| asterisk | open_source | 1.2.24 | any |
| asterisk | open_source | 1.2.25 | any |
| asterisk | open_source | 1.2.25 | any |
| asterisk | open_source | 1.2.26 | any |
| asterisk | open_source | 1.2.26 | any |
| asterisk | open_source | 1.2.26.1 | any |
| asterisk | open_source | 1.2.26.1 | any |
| asterisk | open_source | 1.2.26.2 | any |
| asterisk | open_source | 1.2.26.2 | any |
| asterisk | open_source | 1.2.27 | any |
| asterisk | open_source | 1.2.28 | any |
| asterisk | open_source | 1.2.29 | any |
| asterisk | open_source | 1.2.30 | any |
| asterisk | open_source | 1.2.30.2 | any |
| asterisk | open_source | 1.2.30.3 | any |
| asterisk | open_source | 1.4.0 | any |
| asterisk | open_source | 1.4.0 | any |
| asterisk | open_source | 1.4.0 | any |
| asterisk | open_source | 1.4.0 | any |
| asterisk | open_source | 1.4.1 | any |
| asterisk | open_source | 1.4.2 | any |
| asterisk | open_source | 1.4.3 | any |
| asterisk | open_source | 1.4.4 | any |
| asterisk | open_source | 1.4.5 | any |
| asterisk | open_source | 1.4.6 | any |
| asterisk | open_source | 1.4.7 | any |
| asterisk | open_source | 1.4.7.1 | any |
| asterisk | open_source | 1.4.8 | any |
| asterisk | open_source | 1.4.9 | any |
| asterisk | open_source | 1.4.10 | any |
| asterisk | open_source | 1.4.10.1 | any |
| asterisk | open_source | 1.4.11 | any |
| asterisk | open_source | 1.4.12 | any |
| asterisk | open_source | 1.4.12.1 | any |
| asterisk | open_source | 1.4.13 | any |
| asterisk | open_source | 1.4.14 | any |
| asterisk | open_source | 1.4.15 | any |
| asterisk | open_source | 1.4.16 | any |
| asterisk | open_source | 1.4.16.1 | any |
| asterisk | open_source | 1.4.16.2 | any |
| asterisk | open_source | 1.4.17 | any |
| asterisk | open_source | 1.4.18 | any |
| asterisk | open_source | 1.4.18.1 | any |
| asterisk | open_source | 1.4.19 | any |
| asterisk | open_source | 1.4.19 | any |
| asterisk | open_source | 1.4.19 | any |
| asterisk | open_source | 1.4.19 | any |
| asterisk | open_source | 1.4.19 | any |
| asterisk | open_source | 1.4.19.1 | any |
| asterisk | open_source | 1.4.19.2 | any |
| asterisk | open_source | 1.4.20 | any |
| asterisk | open_source | 1.4.20 | any |
| asterisk | open_source | 1.4.20 | any |
| asterisk | open_source | 1.4.20 | any |
| asterisk | open_source | 1.4.21 | any |
| asterisk | open_source | 1.4.21 | any |
| asterisk | open_source | 1.4.21 | any |
| asterisk | open_source | 1.4.21.1 | any |
| asterisk | open_source | 1.4.21.2 | any |
| asterisk | open_source | 1.4.22 | any |
| asterisk | open_source | 1.4.22 | any |
| asterisk | open_source | 1.4.22 | any |
| asterisk | open_source | 1.4.22.1 | any |
| asterisk | open_source | 1.4.22.2 | any |
| asterisk | open_source | 1.4.23 | any |
| asterisk | open_source | 1.4.23 | any |
| asterisk | open_source | 1.4.23 | any |
| asterisk | open_source | 1.4_revision_95946 | any |
| asterisk | open_source | 1.4beta | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0 | any |
| asterisk | open_source | 1.6.0.1 | any |
| asterisk | open_source | 1.6.0.2 | any |
| asterisk | open_source | 1.6.0.3 | any |
| asterisk | s800i_appliance | 1.2 | any |
References 11
- downloads.digium.com http://downloads.digium.com/pub/security/AST-2009-001.html
- secunia.com http://secunia.com/advisories/33453
- secunia.com http://secunia.com/advisories/34982
- secunia.com http://secunia.com/advisories/37677
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200905-01.xml
- securityreason.com http://securityreason.com/securityalert/4910
- debian.org http://www.debian.org/security/2009/dsa-1952
- securityfocus.com http://www.securityfocus.com/archive/1/499884/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/33174
- securitytracker.com http://www.securitytracker.com/id?1021549
- vupen.com http://www.vupen.com/english/advisories/2009/0063
Remediation
- securityfocus.com http://www.securityfocus.com/bid/33174