CVE Vulnerabilities

CVE-2007-6430

Improper Authentication

Published: Dec 20, 2007 | Modified: Oct 15, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (realtime) and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Asterisk_business_edition Asterisk b.2.2.0 b.2.2.0
Open_source Asterisk 1.2.8 1.2.8
Open_source Asterisk 1.2.14 1.2.14
Open_source Asterisk 1.2.15 1.2.15
Open_source Asterisk 1.4.9 1.4.9
Open_source Asterisk 1.4.10 1.4.10
Open_source Asterisk 1.4.6 1.4.6
Open_source Asterisk 1.2.23 1.2.23
Open_source Asterisk 1.4.15 1.4.15
Open_source Asterisk 1.4beta 1.4beta
Asterisk_business_edition Asterisk b.2.3.1 b.2.3.1
Open_source Asterisk 1.2.24 1.2.24
Open_source Asterisk 1.4.12 1.4.12
Open_source Asterisk 1.4.13 1.4.13
Open_source Asterisk 1.2.25 1.2.25
Open_source Asterisk 1.2.11 1.2.11
Open_source Asterisk 1.2.13 1.2.13
Asterisk_business_edition Asterisk b.2.3.3 b.2.3.3
Open_source Asterisk 1.4.2 1.4.2
Open_source Asterisk 1.4.1 1.4.1
Open_source Asterisk 1.2.5 1.2.5
Open_source Asterisk 1.4.11 1.4.11
Open_source Asterisk 1.2.21 1.2.21
Open_source Asterisk 1.4.3 1.4.3
Asterisk_business_edition Asterisk c.1.0beta7 c.1.0beta7
Open_source Asterisk 1.4.7 1.4.7
Asterisk_business_edition Asterisk b.1.3.2 b.1.3.2
Open_source Asterisk 1.4.4 1.4.4
Open_source Asterisk 1.2.7 1.2.7
Open_source Asterisk 1.2.10 1.2.10
Open_source Asterisk 1.2.17 1.2.17
Asterisk_business_edition Asterisk b.1.3.3 b.1.3.3
Open_source Asterisk 1.4.5 1.4.5
Asterisk_business_edition Asterisk b.2.3.4 b.2.3.4
Open_source Asterisk 1.2.0beta1 1.2.0beta1
Open_source Asterisk 1.2.22 1.2.22
Open_source Asterisk 1.4.14 1.4.14
Open_source Asterisk 1.2.16 1.2.16
Open_source Asterisk 1.2.9 1.2.9
Open_source Asterisk 1.2.0beta2 1.2.0beta2
Open_source Asterisk 1.2.19 1.2.19
Asterisk_business_edition Asterisk b.2.2.1 b.2.2.1
Asterisk_business_edition Asterisk b.2.3.2 b.2.3.2
Open_source Asterisk 1.4.8 1.4.8
Open_source Asterisk 1.2.6 1.2.6
Open_source Asterisk 1.2.18 1.2.18

Potential Mitigations

References