
Ben Williams

#49609 of 53,633
5 Total CVSS
Vulnerabilities · 1
PT-2011-5003
5.0
2011-12-15
Digium · Asterisk Open Source · CVE-2011-4597
**Name of the Vulnerable Software and Affected Versions**

- Asterisk Open Source versions 1.4.x through 1.4.42
- Asterisk Open Source versions 1.6.x through 1.6.2.20
- Asterisk Open Source versions 1.8.x through 1.8.7.1

**Description**

The issue affects the SIP over UDP implementation, allowing remote attackers to enumerate usernames by sending a series of requests. This is possible due to the different port numbers used for responses to invalid requests, depending on whether a SIP username exists.

**Recommendations**

- For Asterisk Open Source versions 1.4.x through 1.4.42, update to version 1.4.43 or later.
- For Asterisk Open Source versions 1.6.x through 1.6.2.20, update to version 1.6.2.21 or later.
- For Asterisk Open Source versions 1.8.x through 1.8.7.1, update to version 1.8.7.2 or later.