[asterisk-bugs] [JIRA] (ASTERISK-23322) Unable to use SIP INVITE authentication with type=peer and device name mismatch with username

Michael L. Young (JIRA) noreply at issues.asterisk.org
Tue Feb 18 10:44:04 CST 2014 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-23322?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael L. Young updated ASTERISK-23322:
----------------------------------------

    Description: 
Scenario:

sip.conf
{noformat}
[devicename]
type=peer
fromuser=authuser
secret=...
{noformat}
In this case if devicename not equal authuser you need add statement "insecure=invite" for receiving incoming calls. But this INVITEs is not authenticated by receiving system. It's security hole.


  was:
Scenario:

sip.conf

[devicename]
type=peer
fromuser=authuser
secret=...

In this case if devicename not equal authuser you need add statement "insecure=invite" for receiving incoming calls. But this INVITEs is not authenticated by receiving system. It's security hole.


    
> Unable to use SIP INVITE authentication with type=peer and device name mismatch with username
> ---------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-23322
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23322
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: 11.7.0
>            Reporter: Igor Nikolaev
>            Severity: Trivial
>         Attachments: asterisk-chan_sip-inbound-invite-auth.patch
>
>
> Scenario:
> sip.conf
> {noformat}
> [devicename]
> type=peer
> fromuser=authuser
> secret=...
> {noformat}
> In this case if devicename not equal authuser you need add statement "insecure=invite" for receiving incoming calls. But this INVITEs is not authenticated by receiving system. It's security hole.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list