Asterisk SIP Channel Driver Username Disclosure (AST-2013-003)
Medium Nessus Plugin ID 65898
Synopsis
A telephony application running on the remote host is affected by an information disclosure vulnerability.

Description
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a username disclosure vulnerability related to INVITE, SUBSCRIBE and REGISTER transactions and improper settings for the configuration options 'alwaysauthreject', 'allowguest' and 'autocreatepeer'.

Solution
Upgrade to Asterisk 18.104.22.168 / 10.12.2 / 11.2.2 / Certified Asterisk 1.8.15-cert2 / Asterisk Business Edition C.3.8.1, or apply the appropriate patch listed in the Asterisk advisory.
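
The following added example (not part of the Nessus plugin or the Asterisk advisory) audits the [general] section of a sip.conf for the three options named in the description. The expected values (alwaysauthreject=yes, allowguest=no, autocreatepeer=no) are assumed here as the hardened settings, since this page does not list them, and the sample configuration is constructed.

```python
import re

# Hardened values assumed for this example; the page does not state them.
EXPECTED = {"alwaysauthreject": True, "allowguest": False, "autocreatepeer": False}
TRUE_WORDS = {"yes", "true", "y", "t", "1", "on"}  # strings Asterisk reads as true

# Constructed sample input, not taken from a real system.
SAMPLE = """\
[general]
context = public        ; inline comment
allowguest = yes
alwaysauthreject=no
;autocreatepeer=yes     ; commented out, so not set

[alice]
type=friend
allowguest=no           ; peer section, ignored by this audit
"""

def audit_sip_general(conf_text):
    """Return {option: 'ok' | 'weak' | 'unset'} for the [general] section.

    'unset' means the option is absent and the effective value depends on
    the default of the installed Asterisk version, so it needs a manual check.
    """
    seen = {}
    section = None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # strip ';' comments
        if not line:
            continue
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "general" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        value = value.lstrip(">").strip().lower()    # also accept 'key => value'
        if key in EXPECTED:
            seen[key] = value in TRUE_WORDS          # a later line overrides an earlier one
    return {opt: "unset" if opt not in seen
            else ("ok" if seen[opt] == want else "weak")
            for opt, want in EXPECTED.items()}

if __name__ == "__main__":
    for option, status in audit_sip_general(SAMPLE).items():
        print(f"{option}: {status}")
```

A clean result from this check does not replace the upgrade in the Solution; the plugin flags the host by banner version regardless of configuration.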