CVE-2007-6430

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.2.x through 1.2.25 Asterisk Open Source versions 1.4.x through 1.4.15 Asterisk Business Edition versions B.x.x through B.2.3.5 Asterisk Business Edition versions C.x.x through C.1.0-beta7

Description The issue allows remote attackers to bypass authentication using a valid username when database-based registrations and host-based authentication are used. This occurs because the IP address is not checked when the username is correct and there is no password.

Recommendations For Asterisk Open Source versions 1.2.x through 1.2.25, update to version 1.2.26 or later. For Asterisk Open Source versions 1.4.x through 1.4.15, update to version 1.4.16 or later. For Asterisk Business Edition versions B.x.x through B.2.3.5, update to version B.2.3.6 or later. For Asterisk Business Edition versions C.x.x through C.1.0-beta7, update to version C.1.0-beta8 or later.