[Freeswitch-users] [Security Issue][Need urgent comment]

Bilal Abbasi bilaln018 at gmail.com
Fri Jan 26 19:08:37 UTC 2018


Here is the sngrep screenshot. I guess if I did the blind accept, it
should not reply back with 401 (just an assumption).

On Sat, Jan 27, 2018 at 12:03 AM, Bilal Abbasi <bilaln018 at gmail.com> wrote:

> Yes, it's challenging auth, and after auth, whatever password is configured
> on the softphone, it sends 200 OK,
> and I have
>  <param name="accept-blind-reg" value="false"/>
>
> On Sat, Jan 27, 2018 at 12:00 AM, Michael Jerris <mike at jerris.com> wrote:
>
>> Is it challenging for auth or no? Maybe you have blind reg turned on?
>>
>> On Jan 26, 2018, at 1:41 PM, Bilal Abbasi <bilaln018 at gmail.com> wrote:
>>
>> Hi Users,
>> I am using FreeSWITCH Version 1.6.19 git c540248.
>> Today I noticed a very weird issue: I am getting an attack on one of
>> my dev servers, and somebody is trying to make calls out of the box.
>> He is able to register the phone via the "default" username (checked via
>> sngrep). I am using a complex password and there is NO USER with the name
>> "DEFAULT" on my switch.
>> I tried to register the default user with a random password and it
>> allowed me to register on my softphone.
>> I am really worried, and I can't believe that it's something at the FS end.
>> I am sure it's some mistake. Can somebody help me out, please?
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2018-01-27 at 12.05.13 AM.png
Type: image/png
Size: 92700 bytes
Desc: not available
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20180127/481ca6a6/attachment-0001.png>
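
The accept-blind-reg check discussed in this thread, as an added example that is not part of the original messages or FreeSWITCH's own code: a Python audit that reports, per Sofia profile, every parameter that relaxes authentication, since a safe value in one profile says nothing about the others. Assumptions: the sample XML is constructed, preprocessor variables are already expanded, accept-blind-auth and auth-calls are mod_sofia parameters not mentioned in the thread, and the set of truthy spellings is chosen for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of two Sofia profiles (not the poster's configuration).
SAMPLE_CONF = """<configuration name="sofia.conf">
  <profiles>
    <profile name="internal">
      <settings>
        <param name="accept-blind-reg" value="false"/>
        <param name="auth-calls" value="true"/>
      </settings>
    </profile>
    <profile name="external">
      <settings>
        <!-- <param name="accept-blind-reg" value="false"/> -->
        <param name="accept-blind-reg" value="true"/>
        <param name="auth-calls" value="false"/>
      </settings>
    </profile>
  </profiles>
</configuration>"""

# Parameter name -> boolean state that weakens authentication.
RISKY_STATE = {
    "accept-blind-reg": True,    # lets anything register
    "accept-blind-auth": True,   # accepts authentication without checking it
    "auth-calls": False,         # INVITEs are not challenged
}
# Spellings treated as "enabled" (assumption of this example).
TRUTHY = {"true", "yes", "on", "1"}


def audit_profiles(xml_text):
    """Return sorted (profile, param, value) tuples for risky settings.

    Every <param> occurrence in every profile is checked; commented-out
    lines are dropped by the XML parser and never count as configured.
    """
    findings = []
    for profile in ET.fromstring(xml_text).iter("profile"):
        for param in profile.iter("param"):
            name = param.get("name", "")
            value = (param.get("value") or "").strip().lower()
            if name in RISKY_STATE and (value in TRUTHY) == RISKY_STATE[name]:
                findings.append((profile.get("name"), name, value))
    return sorted(findings)


if __name__ == "__main__":
    for profile, name, value in audit_profiles(SAMPLE_CONF):
        print(f"profile {profile}: {name}={value}")
```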