FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References
Link | Resource |
---|---|
http://freepbx.org/trac/ticket/3660 | |
http://secunia.com/advisories/34772 | Vendor Advisory |
http://www.osvdb.org/54263 | |
http://www.securityfocus.com/bid/34857 | Patch |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:23:57
Updated: 2022-10-03T16:23:57
Reserved: 2022-10-03T00:00:00
Link: CVE-2009-1803
JSON object: View
NVD Information
Status : Analyzed
Published: 2009-05-28T14:30:00.390
Modified: 2019-12-10T15:34:59.420
Link: CVE-2009-1803
JSON object: View
Redhat Information
No data.
CWE