Vulnerability Description
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freepbx | Freepbx | 2.4 |
| Sangoma | Freepbx | 2.4.0 |
Related Weaknesses (CWE)
References
- http://freepbx.org/trac/ticket/3660
- http://secunia.com/advisories/34772Vendor Advisory
- http://www.osvdb.org/54263
- http://www.securityfocus.com/bid/34857Patch
- http://freepbx.org/trac/ticket/3660
- http://secunia.com/advisories/34772Vendor Advisory
- http://www.osvdb.org/54263
- http://www.securityfocus.com/bid/34857Patch
FAQ
What is CVE-2009-1803?
CVE-2009-1803 is a vulnerability with a CVSS score of 5.0 (MEDIUM). FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote a...
How severe is CVE-2009-1803?
CVE-2009-1803 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1803?
Check the references section above for vendor advisories and patch information. Affected products include: Freepbx Freepbx, Sangoma Freepbx.