Asterisk Project Security Advisory - When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.
0a8df976f443c76825aaacd37af4fd8f1b496b41d03db87301ebcb184dddb134