[asterisk-users] SIP secruity: username and password
Olle E. Johansson
oej at edvina.net
Thu May 5 07:16:14 CDT 2011
5 maj 2011 kl. 14.08 skrev bilal ghayyad:
> Hi All;
>
> When the endpoint register on Asterisk or initiate a call, so they exchange the sip username and password. What is the possibility that this will be capture by the hacker and how to avoid this problem?
We never exchange passwords in clear text in SIP 2.0. SIP uses HTTP digest authentication with MD5. There are many articles about that on the web, so that you can find out how it works and what the risks are.
Cheers,
/O
More information about the asterisk-users
mailing list