CVE-2009-1803

Published May 28, 2009

Last updated 5 years ago

Overview

Description: FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:freepbx:freepbx:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "455E97D6-B069-49D6-B510-3D4112A9E1B3"
          },
          {
            "criteria": "cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF1E1278-3114-4BD1-B589-30B5313C9502"
          },
          {
            "criteria": "cpe:2.3:a:freepbx:freepbx:2.4.0_beta2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32D216B0-31D6-4288-8773-FB2438944492"
          },
          {
            "criteria": "cpe:2.3:a:freepbx:freepbx:2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A09E3F0-E1A6-4CC4-8134-89DF5DB6EA3B"
          },
          {
            "criteria": "cpe:2.3:a:freepbx:freepbx:2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B2C1156-93B6-4D71-8D9C-ED6FC6C0AE74"
          },
          {
            "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.0_beta1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11ACC1C9-A2C3-41CA-B608-C474B642A380"
          },
          {
            "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.0rc2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8A021AB-A142-4DAD-9EB0-2352C625D8CC"
          },
          {
            "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.0rc3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C0B173F-2161-4E40-A712-90DA6B997820"
          },
          {
            "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "613A39A4-976E-4535-9408-533F957F7F87"
          },
          {
            "criteria": "cpe:2.3:a:freepbx:freepbx:2.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5B657C6-A2DF-432A-9F46-1157C630CB20"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx:2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9734B50E-BEA8-41DF-835F-7B15A9BB31E8"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx:2.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9645D4F-BB03-49AD-AE79-6FE990BF18FE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References