Vigil@nce: Asterisk, user detection via IAX2
January 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can use information returned during the IAX2
authentication in order to detect if a user name is valid.
Gravity: 2/4
Consequences: data reading
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 09/01/2009
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The Asterisk product implements the IAX2 protocol (Inter-Asterisk
Exchange version 2) to transmit streaming media over IP.
The IAX2 authentication uses several methods:
– IAX_AUTH_PLAINTEXT : text
– IAX_AUTH_MD5 : md5 hash
– IAX_AUTH_RSA : RSA encryption
When the user name is invalid, the error message uses text
authentication (IAX_AUTH_PLAINTEXT). When the user name is valid and
the password is invalid, the error message uses one of the user's
authentication methods.
An attacker can therefore use this difference in order to detect
if the username is valid. The attacker can thus construct a list
of valid users.
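The difference described above, as an added example (not Asterisk's code and not the vendor's fix): a reply that depends on the account lookup, next to a uniform reply, with a regression check that counts how many accounts are distinguishable. The account table, the function names and the uniform-mask design are assumptions; the IAX_AUTH_* bit values are those of Asterisk's iax2.h.

```c
#include <stdio.h>
#include <string.h>

/* Auth method bits, same values as in Asterisk's iax2.h. */
#define IAX_AUTH_PLAINTEXT (1 << 0)
#define IAX_AUTH_MD5       (1 << 1)
#define IAX_AUTH_RSA       (1 << 2)
struct iax_user { const char *name; int authmethods; };
/* Constructed sample accounts (hypothetical, not from the advisory). */
static const struct iax_user users[] = {
    { "alice", IAX_AUTH_MD5 },
    { "bob",   IAX_AUTH_RSA },
    { "carol", IAX_AUTH_MD5 | IAX_AUTH_RSA },
};
#define NUSERS (sizeof(users) / sizeof(users[0]))

/* Behaviour described in the advisory: an unknown name is answered with
 * plaintext, a known name with its own configured methods. */
int challenge_leaky(const char *name)
{
    for (size_t i = 0; i < NUSERS; i++)
        if (strcmp(users[i].name, name) == 0)
            return users[i].authmethods;
    return IAX_AUTH_PLAINTEXT;
}

/* Assumed hardening: one site-wide mask for every name, so the reply
 * says nothing about whether the account exists. */
int challenge_uniform(const char *name)
{
    (void)name; /* deliberately not consulted */
    return IAX_AUTH_MD5 | IAX_AUTH_RSA;
}

/* Regression check: how many accounts get a reply that differs from the
 * reply for a nonexistent name. 0 means the reply is not an oracle. */
int oracle_count(int (*challenge)(const char *))
{
    int unknown = challenge("no-such-user"), n = 0;
    for (size_t i = 0; i < NUSERS; i++)
        n += challenge(users[i].name) != unknown;
    return n;
}

int main(void)
{
    printf("%d %d\n", oracle_count(challenge_leaky), oracle_count(challenge_uniform));
    return 0;
}
```

With a uniform reply, the later credential check still has to reject a method the account does not permit, and must fail in the same way as for an unknown name.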
CHARACTERISTICS
Identifiers: AST-2009-001, BID-33174, CVE-2009-0041,
VIGILANCE-VUL-8376
http://vigilance.fr/vulnerability/Asterisk-user-detection-via-IAX2-8376