{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Asterisk Open Source 1.6.x ;","product":{"name":"Asterisk","vendor":{"name":"Asterisk","scada":false}}},{"description":"Asterisk Open Source 1.2.x ;","product":{"name":"Asterisk","vendor":{"name":"Asterisk","scada":false}}},{"description":"Toutes les versions de s800i (Asterisk Appliance) ant\u00e9rieures \u00e0 la version 1.3.0.","product":{"name":"Asterisk","vendor":{"name":"Asterisk","scada":false}}},{"description":"Asterisk Business Edition A.x.x ;","product":{"name":"Asterisk","vendor":{"name":"Asterisk","scada":false}}},{"description":"Asterisk Business Edition C.2.x.x ;","product":{"name":"Asterisk","vendor":{"name":"Asterisk","scada":false}}},{"description":"Asterisk Business Edition B.x.x ;","product":{"name":"Asterisk","vendor":{"name":"Asterisk","scada":false}}},{"description":"Asterisk Open Source 1.4.x ;","product":{"name":"Asterisk","vendor":{"name":"Asterisk","scada":false}}},{"description":"Asterisk Business Edition C.1.x.x ;","product":{"name":"Asterisk","vendor":{"name":"Asterisk","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne faiblesse dans les retours de validation des connexions\nd'utilisateur permet \u00e0 une personne malveillante de distinguer un compte\nutilisateur existant d'un compte inexistant.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2009-0041","url":"https://www.cve.org/CVERecord?id=CVE-2009-0041"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200905-01 du 02 mai 2009 :","url":"http://www.gentoo.org/security/en/glsa/glsa-200905-01.xml"},{"title":"Bulletin de s\u00e9curit\u00e9 Asterisk AST-2009-001 du 7 janvier    2009 :","url":"http://downloads.digium.com/pub/security/AST-2009-001.html"}],"reference":"CERTA-2009-AVI-010","revisions":[{"description":"version initiale.","revision_date":"2009-01-09T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo.","revision_date":"2009-05-13T00:00:00.000000"}],"risks":[{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"Une vuln\u00e9rabilit\u00e9 affectant les produits Asterisk permet \u00e0 une personne\nmalintentionn\u00e9e de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n","title":"Vuln\u00e9rabilit\u00e9 dans Asterisk","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Asterisk AST-2009-001 du 7 janvier 2009","url":null}]}