<div dir="ltr">Are you by chance using xml_curl or some other dynamic method to generate the users?<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jan 26, 2018 at 2:14 PM, Bilal Abbasi <span dir="ltr"><<a href="mailto:bilaln018@gmail.com" target="_blank">bilaln018@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">"default" is the ONLY user that gets register with any password(i tried from my own softphone), if i try any valid user like 1000,1001 i am not able to register.</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Jan 27, 2018 at 12:08 AM, Bilal Abbasi <span dir="ltr"><<a href="mailto:bilaln018@gmail.com" target="_blank">bilaln018@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Here is the sngrep screen shot, i guess if i did the blind accept, it should not reply back with 401(just assumption)</div><div class="m_3460098239711960922HOEnZb"><div class="m_3460098239711960922h5"><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Jan 27, 2018 at 12:03 AM, Bilal Abbasi <span dir="ltr"><<a href="mailto:bilaln018@gmail.com" target="_blank">bilaln018@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Yes it's challenging auth, and after auth whatever password is configured on softphone it sends 200OK.<div>and i have </div><div><span class="m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s1" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(244,244,244)"> </span><span class="m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s2" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(52,187,200)"><param </span><span class="m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s3" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(52,188,38)">name</span><span class="m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s1" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(244,244,244)">=</span><span class="m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s4" style="color:rgb(195,55,32);font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures">"accept-blind-reg"</span><span class="m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s2" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(52,187,200)"> </span><span class="m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s3" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(52,188,38)">value</span><span class="m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s1" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(244,244,244)">=</span><span class="m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s4" style="color:rgb(195,55,32);font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures">"false"</span><span class="m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s2" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(52,187,200)">/></span></div>
</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_3460098239711960922m_2038638445344449330h5">On Sat, Jan 27, 2018 at 12:00 AM, Michael Jerris <span dir="ltr"><<a href="mailto:mike@jerris.com" target="_blank">mike@jerris.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_3460098239711960922m_2038638445344449330h5"><div style="word-wrap:break-word">is it challenging for auth or no? maybe you have blind reg turned on? <span><div><br><div><blockquote type="cite"><div>On Jan 26, 2018, at 1:41 PM, Bilal Abbasi <<a href="mailto:bilaln018@gmail.com" target="_blank">bilaln018@gmail.com</a>> wrote:</div><br class="m_3460098239711960922m_2038638445344449330m_3650668160651168244m_-8495716828034092378Apple-interchange-newline"><div><div dir="ltr">Hi Users,<div>I am using FreeSWITCH<span style="background-color:rgb(255,255,255)"><font> <font face="arial, helvetica, sans-serif"><span style="font-variant-ligatures:no-common-ligatures">Version 1.6.19 git c540248</span><span class="m_3460098239711960922m_2038638445344449330m_3650668160651168244m_-8495716828034092378gmail-Apple-converted-space" style="font-variant-ligatures:no-common-ligatures"> .</span></font></font></span></div><div>today i noticed very weird issue, that i am getting an attack on one of my dev servers, that somebody is trying to make calls out of the box.</div><div>And he is able to register the phone via "default" username(check via sngrep), i am using complex password and there is NO USER with name "DEFAULT" on my switch.</div><div>I tried to register the default user with any random password and it allowed me to register on my softphone.</div><div>I am really worried, and i can't believe that it's something at FS end.</div><div>I am sure its some mistake, can somebody help me out please.</div></div></div></blockquote></div><br></div></span></div><br></div></div><span>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/free<wbr>switch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></span></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>