CVE-2009-1803

NONE EPSS 64.9%
Published May 28, 200917y ago · Modified Jun 16, 20262w ago
Find Similar
Published May 28, 2009 17y ago
Last Modified Jun 16, 2026 2w ago

Description

FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Threat Intelligence

EPSS Exploit Probability
64.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 12

VendorProductVersionRange
freepbxfreepbx2.4any
freepbxfreepbx2.4.0_beta1any
freepbxfreepbx2.4.0_beta2any
freepbxfreepbx2.4.1any
freepbxfreepbx2.5any
freepbxfreepbx2.5.0_beta1any
freepbxfreepbx2.5.0rc2any
freepbxfreepbx2.5.0rc3any
freepbxfreepbx2.5.1any
freepbxfreepbx2.5.2any
sangomafreepbx2.4.0any
sangomafreepbx2.5.0any

References 4

Remediation