Unrated severityNVD Advisory· Published May 28, 2009· Updated Apr 23, 2026

CVE-2009-1803

Description

FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Affected products

Freepbx/Freepbx12 versions
cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:freepbx:freepbx:2.4.0_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:freepbx:freepbx:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:freepbx:freepbx:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:freepbx:freepbx:2.5.0_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:freepbx:freepbx:2.5.0rc2:*:*:*:*:*:*:*
- cpe:2.3:a:freepbx:freepbx:2.5.0rc3:*:*:*:*:*:*:*
- cpe:2.3:a:freepbx:freepbx:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:freepbx:freepbx:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:freepbx:freepbx:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:sangoma:freepbx:2.5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/34857nvdPatch
secunia.com/advisories/34772nvdVendor Advisory
freepbx.org/trac/ticket/3660nvd
www.osvdb.org/54263nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000