SIP Username Enumeration

Severity: Medium. Nessus Plugin ID 56983


Synopsis

The SIP server on the remote host allows the enumeration of users.

Description

The SIP server on the remote host appears to respond differently to registration requests for valid and invalid usernames. Using that fact, Nessus was able to enumerate some of the valid usernames.

Solution

Configure the SIP server to respond identically to valid and invalid usernames. This can be done in Asterisk, for example, by setting 'alwaysauthreject=yes' in sip.conf.
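The following is an added example (not part of the Nessus plugin or Tenable's code) showing how a defender can audit an Asterisk chan_sip configuration for the fix named above. It uses a small hand-written parser for Asterisk's INI-style sip.conf (';' comments, '[section]' headers, 'key=value' and 'key => value' pairs, last duplicate key wins) and reports whether 'alwaysauthreject=yes' is set in '[general]'. The two configuration snippets are constructed for illustration; as a deliberate assumption, an absent setting is treated as not enabled, since the compiled-in default differs between Asterisk versions.

```python
"""Audit an Asterisk sip.conf for alwaysauthreject=yes in [general].

Added example for this plugin page. The sample configurations below are
constructed, and the parser is a deliberate simplification of Asterisk's
config loader (no #include/#exec, no template inheritance).
"""
from typing import Dict, List, Optional, Tuple

# Values Asterisk accepts as "true" for boolean options.
TRUE_VALUES = {"yes", "true", "on", "1"}


def parse_asterisk_conf(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Parse Asterisk INI-style text into {section: [(key, value), ...]}.

    ';' starts a comment anywhere on a line. Section headers such as
    '[general]' or '[general](!)' are reduced to the bare name. Duplicate
    keys are kept in order so callers can apply last-one-wins semantics.
    """
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue  # key before any section header; Asterisk ignores it
        if "=>" in line:
            key, value = line.split("=>", 1)
        elif "=" in line:
            key, value = line.split("=", 1)
        else:
            continue
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def always_auth_reject_enabled(text: str) -> bool:
    """Return True only if the final alwaysauthreject in [general] is true.

    Assumption (labelled): an absent option counts as not enabled, because
    the default depends on the Asterisk version in use.
    """
    value: Optional[str] = None
    for key, val in parse_asterisk_conf(text).get("general", []):
        if key == "alwaysauthreject":
            value = val.lower()  # later occurrences override earlier ones
    return value in TRUE_VALUES


def audit(text: str) -> str:
    """Produce a one-line finding in the style of a config review."""
    if always_auth_reject_enabled(text):
        return ("OK: alwaysauthreject=yes; valid and invalid usernames "
                "receive the same REGISTER response")
    return ("FINDING: alwaysauthreject not enabled in [general]; "
            "set alwaysauthreject=yes in sip.conf")


# Constructed sample: the weak configuration this plugin would flag.
WEAK_SIP_CONF = """\
[general]
context=default
allowguest=no
; alwaysauthreject left unset: REGISTER responses differ for known
; and unknown usernames, which is what the plugin detects

[1001]
type=friend
secret=REDACTED ; constructed placeholder, not a real credential
host=dynamic
"""

# Constructed sample: the same file after applying the solution.
FIXED_SIP_CONF = WEAK_SIP_CONF.replace(
    "allowguest=no\n", "allowguest=no\nalwaysauthreject=yes\n")


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_SIP_CONF), ("fixed", FIXED_SIP_CONF)):
        print(f"{label}: {audit(conf)}")
```

Run the file directly to see the weak and corrected configurations audited side by side; the functions can also be imported into a larger configuration-review script.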

See Also

https://tools.ietf.org/html/rfc3261

Plugin Details

Severity: Medium

ID: 56983

File Name: sip_enumeration.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 12/1/2011

Updated: 3/6/2019

Dependencies: sip_detection.nasl

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information