Asterisk PBX 1.2 through 1.6 and Trixbox PBX 2.6.1, when running with Digest authentication and authalwaysreject enabled, generates different responses depending on whether or not a SIP username is valid, which allows remote attackers to enumerate valid usernames.

-</p>

Make your website safer. Use external penetration testing service. First report ready in one hour!</p>

**Hidden Content: To see this hidden content your post count must be 1 or greater.**