[Asterisk-Security] ISS IAX2 DoS Vulnerability Response
Kevin P. Fleming
kpfleming at digium.com
Thu Jul 20 02:01:45 MST 2006
----- Enzo Michelangeli <enzomich at gmail.com> wrote:
> Why "unauthenticated"? This appears to contradict what is said in the
> previous sentence, where the restriction is said to apply only to
> calls
> placed providing authentication information. If a call specifies a
> user for
> which no authentication is required (such as "guest") it can't be used
> for
> DoS purposes.
You are correct; the wording is incorrect, it should have been 'pending authentication' calls. Sorry for that.
--
Kevin P. Fleming
Senior Software Engineer
Digium, Inc.
More information about the Asterisk-Security
mailing list