Asterisk SIP vulnerability
Thursday, November 5th, 2009I found a security hole in the Asterisk SIP implementation last week. I was happy to hear that it has already been patched and released. The vulnerability allows an attacker to determine whether a given username is valid or not. With knowledge of existing usernames a more efficient password guessing attack can be mounted against [...]