Authentication Bypass in Asterisk Open Source and Business Edition
CVE-2007-6430

Currently unrated

Key Information:

Vendor: Asterisk
Status: Asterisk Business Edition; Open Source
Vendor: CVE Published:; 20 December 2007

What is CVE-2007-6430?

A vulnerability exists in certain versions of Asterisk Open Source and Business Edition, allowing remote attackers to bypass authentication. When using database-based registrations and host-based authentication, the system fails to validate the IP address during the authentication process if a valid username is provided without a password. This oversight enables unauthorized access, potentially compromising the system's security.

References

http://secunia.com/advisories/28149

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/29782

third-party-advisoryx_refsource_SECUNIA

http://security.gentoo.org/glsa/glsa-200804-13.xml

vendor-advisoryx_refsource_GENTOO

Timeline

Vulnerability published
Dec 20, 2007
Vulnerability Reserved
Dec 18, 2007