[Freeswitch-users] [Security Issue][Need urgent comment]

Bilal Abbasi bilaln018 at gmail.com
Fri Jan 26 19:03:49 UTC 2018


Yes it's challenging auth, and after auth whatever password is configured
on softphone it sends 200OK.
and i have
 <param name="accept-blind-reg" value="false"/>

On Sat, Jan 27, 2018 at 12:00 AM, Michael Jerris <mike at jerris.com> wrote:

> is it challenging for auth or no?  maybe you have blind reg turned on?
>
> On Jan 26, 2018, at 1:41 PM, Bilal Abbasi <bilaln018 at gmail.com> wrote:
>
> Hi Users,
> I am using FreeSWITCH Version 1.6.19 git c540248 .
> today i noticed very weird issue, that i am getting an attack on one of my
> dev servers, that somebody is trying to make calls out of the box.
> And he is able to register the phone via "default" username(check via
> sngrep), i am using complex password and there is NO USER with name
> "DEFAULT" on my switch.
> I tried to register the default user with any random password and it
> allowed me to register on my softphone.
> I am really worried, and i can't believe that it's something at FS end.
> I am sure its some mistake, can somebody help me out please.
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20180127/e201453e/attachment-0001.html>


More information about the FreeSWITCH-users mailing list