[asterisk-bugs] [Asterisk 0014493]: alwaysauthreject option in sip.conf should default to yes
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Feb 17 12:14:16 CST 2009
The following issue has been UPDATED.
======================================================================
http://bugs.digium.com/view.php?id=14493
======================================================================
Reported By: shaunreitan
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 14493
Category: Channels/chan_sip/General
Reproducibility: always
Severity: major
Priority: normal
Status: closed
Asterisk Version: 1.6.0
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
Resolution: no change required
Fixed in Version:
======================================================================
Date Submitted: 2009-02-17 11:52 CST
Last Modified: 2009-02-17 12:14 CST
======================================================================
Summary: alwaysauthreject option in sip.conf should default
to yes
Description:
The option alwaysauthreject in the sip.conf should ALWAYS default to yes
unless otherwise set to no. SIP brute forcing is popping up more and more
these days and telling the hacker that he found the right username but has
the wrong password is not the greatest idea. Why give them one piece of
the puzzle!
More information about the asterisk-bugs
mailing list