CVE-2009-1803

Metadata

CVE-2009-1803
5.0
freepbx.org, securityfocus.com
2009-05-28
2017-06-06 20:19

Description

FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Related Vulnerabilities