
Asterisk 1.4.x / 1.6.x Username Enumeration
Posted Apr 17, 2011
Authored by Francesco Tornieri

Asterisk versions 1.4.x and 1.6.x suffer from a SIP response user enumeration vulnerability.

tags | advisory
SHA-256 | 4973731897121ff19b4e5e74ece388fc7aed0dec962bb1d65c5b2cbcb447f513

Asterisk: SIP responses permit username identification

Author: francesco.tornieri "At" verona-wireless.net
Summary: SIP responses permit user identification
Release Date: 16/04/2011
Criticality level: Low
Impact: Information leak
Software: Asterisk 1.4.x (tested 1.4.40)
Asterisk 1.6.x (tested 1.6.2.17.2)
Asterisk 1.8.x isn't affected (tested 1.8.3.2)

Description:
It is possible to enumerate valid SIP usernames by using the INVITE request method instead of the REGISTER method (a similar problem was fixed by Digium in 2009 and is described in http://downloads.asterisk.org/pub/security/AST-2009-003.html).

Example:
PBX Asterisk:
----------
sip.conf
----------
[general]
context=outgoing
port=5060
bindaddr=192.168.1.1
realm=asterisk
allowguest=no
alwaysauthreject=yes <----

[template](!)
type=friend
canreinvite=no
host=dynamic
qualify=1000
disallow=all
allow=g729

[100](template)
callerid=phone100<100>
username=100
secret=password

[500](template)
callerid=phone200<500>
username=500
secret=password

----------------
Method: REGISTER
----------------
Valid and Invalid user:
Response: Timed out

----------------
Method: INVITE
----------------
Invalid user:
Response: 'SIP/2.0 407 Proxy Authentication Required\r\nVia: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bK-2943238028;received=192.168.1.250;rport=63772\r\nFrom: "101"<sip:101@192.168.1.1>; tag=3130310132353237333535383832\r\nTo: "101"<sip:101@192.168.1.1>;tag=as7e9ffcb3\r\nCall-ID: 777784064\r\nCSeq: 1 INVITE\r\nUser-Agent: Asterisk PBX\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO\r\nSupported: replaces\r\nProxy-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="256bdf28"\r\nContent-Length: 0\r\n\r\n'
WARNING:root:found nothing

Valid user:
Method: INVITE
Response: nothing

Francesco Tornieri
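
A detection sketch for the behaviour shown above, added here as an example and not part of the original advisory or of Asterisk: it pairs INVITE requests with their responses by Call-ID and flags a peer whose INVITEs to several usernames were answered inconsistently (407 for some, nothing for others). The capture format, the `min_users` threshold, the function names and user 102 are assumptions; the sample messages are constructed.

```python
import re
from collections import defaultdict

START = re.compile(r"^(?:SIP/2\.0 (?P<status>\d{3})|(?P<method>[A-Z]+) sip:)")
HDR = {"call_id": re.compile(r"^Call-ID:\s*(\S+)", re.M | re.I),
       "cseq": re.compile(r"^CSeq:\s*\d+\s+(\w+)", re.M | re.I),
       "user": re.compile(r"^To:[^\r\n]*?sip:([^@>;\s]+)@", re.M | re.I)}

def parse(raw):
    """Return the start line and the few headers needed to pair messages."""
    m = START.match(raw)
    if not m:
        return None
    out = {"status": m["status"], "method": m["method"]}
    for name, rx in HDR.items():
        h = rx.search(raw)
        out[name] = h.group(1) if h else None
    return out

def find_enumeration(capture, min_users=3):
    """capture: (peer_ip, raw_message) pairs. Returns peers whose INVITEs to
    at least min_users usernames had mixed outcomes (status vs. no response)."""
    invites, answered = {}, {}
    for peer, raw in capture:
        msg = parse(raw)
        if not msg or msg["cseq"] != "INVITE" or not msg["call_id"]:
            continue
        if msg["method"] == "INVITE":
            invites[msg["call_id"]] = (peer, msg["user"])
        elif msg["status"]:
            answered[msg["call_id"]] = msg["status"]
    per_peer = defaultdict(lambda: defaultdict(set))
    for call_id, (peer, user) in invites.items():
        per_peer[peer][answered.get(call_id, "no-response")].add(user)
    return {peer: {k: sorted(v) for k, v in outcomes.items()}
            for peer, outcomes in per_peer.items()
            if sum(len(v) for v in outcomes.values()) >= min_users
            and len(outcomes) > 1}

def _msg(start, user, call_id):  # builds the constructed sample messages
    return (f"{start}\r\nTo: <sip:{user}@192.168.1.1>\r\n"
            f"Call-ID: {call_id}\r\nCSeq: 1 INVITE\r\n\r\n")

# Constructed capture: 100 and 500 exist in sip.conf above, 101 and 102 do not.
SAMPLE = []
for i, user in enumerate(["100", "101", "102", "500"]):
    SAMPLE.append(("192.168.1.250", _msg(f"INVITE sip:{user}@192.168.1.1 SIP/2.0", user, f"c{i}")))
    if user in ("101", "102"):  # only unknown users were challenged
        SAMPLE.append(("192.168.1.250", _msg("SIP/2.0 407 Proxy Authentication Required", user, f"c{i}")))
```

Calling `find_enumeration(SAMPLE)` groups the probed usernames by outcome for the flagged peer. A server that answers every INVITE identically produces a single outcome group and is not reported.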