CVE-2009-1803 Information

Description

FreePBX 2.5.1 and other 2.4.x 2.5.x and pre-release 2.6.x versions generates different error messages for a failed login attempt depending on whether the user account exists which allows remote attackers to enumerate valid usernames.

Reference

http://freepbx.org/trac/ticket/3660 http://secunia.com/advisories/34772 http://www.osvdb.org/54263 http://www.securityfocus.com/bid/34857