[asterisk-bugs] [JIRA] (ASTERISK-22820) [patch] Plaintext auth is still supported in IAX2

Wed Aug 2 10:16:14 CDT 2017

     [ https://issues.asterisk.org/jira/browse/ASTERISK-22820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

George Joseph updated ASTERISK-22820:
-------------------------------------

    Target Release Version/s: 15.0.0

> [patch] Plaintext auth is still supported in IAX2
> -------------------------------------------------
>
>                 Key: ASTERISK-22820
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22820
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_iax2
>    Affects Versions: SVN, 12.0.0, 13.0.0
>            Reporter: Eugene
>            Severity: Minor
>      Target Release: 15.0.0
>
>         Attachments: asterisk-12-chan_iax2-plaintext-auth-deprecated-v2.diff
>
>
> Starting from draft 2 of RFC 5456 (October 23, 2006) plaintext auth is not supported in IAX2 protocol. Please refer to section 8.6.13 of RFC 5456.
> But plaintext auth is still supported by Asterisk implementation of IAX2. This support should be dropped.
> Attached patch, based on asterisk-dev discussion, adds deprecation warning on startup if 'auth' is set to 'plaintext', changes default values of 'auth' from 'md5, plaintext' to 'md5', and adds note to UPGRADE.txt
> Patch is safe in terms of backwards compatibility, will work even if remote peers have auth=plaintext and we have defaults.
> auth=plaintext setting will remain deprecated in Asterisk 14 and 15, and IAX2 plaintext support will be removed in Asterisk 16.


--
This message was sent by Atlassian JIRA
(v6.2#6252)