Auth bypass in Asterisk Asterisk_business_edition
CVE-2007-6430
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check th…
Vulnerability class: Broken Authentication
EPSS: 0.020 (77.7th percentile) — read the EPSS interpretation.
Affected products
- Asterisk Asterisk_business_edition — versions b.1.3.2, b.1.3.3, b.2.2.0
- Asterisk Open_source — versions 1.2.0beta1, 1.2.0beta2, 1.2.5
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (vendor-advisory, x_refsource_GENTOO)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (vendor-advisory, x_refsource_SUSE)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)
- cve@mitre.org (x_refsource_SREASON, third-party-advisory)
- cve@mitre.org (x_refsource_OSVDB, vdb-entry)