What is the severity of CVE-2009-1803?

CVE-2009-1803 is rated as a medium severity vulnerability due to its ability to allow username enumeration.

How do I fix CVE-2009-1803?

To fix CVE-2009-1803, update your FreePBX installation to a version that addresses this vulnerability.

What versions of FreePBX are affected by CVE-2009-1803?

CVE-2009-1803 affects FreePBX versions 2.4.x, 2.5.x, and pre-release 2.6.x, including version 2.5.1.

What type of attack does CVE-2009-1803 enable?

CVE-2009-1803 enables remote attackers to enumerate valid usernames through differing error messages.

Is there a workaround for CVE-2009-1803?

A potential workaround for CVE-2009-1803 is to modify the error response mechanics, but updating to a patched version is recommended.

Vulnerability/
CVE-2009-1803

medium

CWE

200

28/5/2009

16/9/2024

CVE-2009-1803: Infoleak

First published: Thu May 28 2009(Updated: )

FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
FreePBX	=2.4
FreePBX	=2.4.0_beta1
FreePBX	=2.4.0_beta2
FreePBX	=2.4.1
FreePBX	=2.5
FreePBX	=2.5.0_beta1
FreePBX	=2.5.0rc2
FreePBX	=2.5.0rc3
FreePBX	=2.5.1
FreePBX	=2.5.2
FreePBX	=2.4.0
FreePBX	=2.5.0

Remedy

http://www.securityfocus.com/bid/34857

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-1803?
CVE-2009-1803 is rated as a medium severity vulnerability due to its ability to allow username enumeration.
How do I fix CVE-2009-1803?
To fix CVE-2009-1803, update your FreePBX installation to a version that addresses this vulnerability.
What versions of FreePBX are affected by CVE-2009-1803?
CVE-2009-1803 affects FreePBX versions 2.4.x, 2.5.x, and pre-release 2.6.x, including version 2.5.1.
What type of attack does CVE-2009-1803 enable?
CVE-2009-1803 enables remote attackers to enumerate valid usernames through differing error messages.
Is there a workaround for CVE-2009-1803?
A potential workaround for CVE-2009-1803 is to modify the error response mechanics, but updating to a patched version is recommended.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/remedy
agent/severity
agent/weakness
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/freepbx
canonical/freepbx
version/freepbx/2.4
version/freepbx/2.4.0_beta1
version/freepbx/2.4.0_beta2
version/freepbx/2.4.1
version/freepbx/2.5
version/freepbx/2.5.0_beta1
version/freepbx/2.5.0rc2
version/freepbx/2.5.0rc3
version/freepbx/2.5.1
version/freepbx/2.5.2
vendor/sangoma
version/freepbx/2.4.0
version/freepbx/2.5.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.