[Freeswitch-users] [Security Issue][Need urgent comment]

Brian West brian at freeswitch.com
Fri Jan 26 19:18:57 UTC 2018


Read directory/default/default.xml

This will actually cause nothing to happen. If you realize the context on
the profile is public, they will not be able to actually do anything, as
they'll be assigned to the context on the profile since that user doesn't have
a user_context variable.

It states exactly this:

        ATTENTION PLEASE READ THIS... (I know you won't but you've been warned)

        Let it be known that this user can register without a password but since we do not assign
        this user a user_context and we don't authenticate this user they will be put in context 'public'.

        This isn't a security issue as the endpoint would be put into the same context 'public' as the
        sofia profile that starts on 5080 by default. If you're paranoid just remove this file and
        remove the external profile also.



On Fri, Jan 26, 2018 at 1:14 PM, Bilal Abbasi <bilaln018 at gmail.com> wrote:

> "default" is the ONLY user that gets registered with any password (I tried
> from my own softphone); if I try any valid user like 1000, 1001 I am not
> able to register.
>
> On Sat, Jan 27, 2018 at 12:08 AM, Bilal Abbasi <bilaln018 at gmail.com>
> wrote:
>
>> Here is the sngrep screenshot. I guess if I did the blind accept, it
>> should not reply back with 401 (just an assumption).
>>
>> On Sat, Jan 27, 2018 at 12:03 AM, Bilal Abbasi <bilaln018 at gmail.com>
>> wrote:
>>
>>> Yes it's challenging auth, and after auth, whatever password is
>>> configured on the softphone, it sends 200 OK.
>>> And I have
>>>  <param name="accept-blind-reg" value="false"/>
>>>
>>> On Sat, Jan 27, 2018 at 12:00 AM, Michael Jerris <mike at jerris.com>
>>> wrote:
>>>
>>>> Is it challenging for auth or no? Maybe you have blind reg turned on?
>>>>
>>>> On Jan 26, 2018, at 1:41 PM, Bilal Abbasi <bilaln018 at gmail.com> wrote:
>>>>
>>>> Hi Users,
>>>> I am using FreeSWITCH Version 1.6.19 git c540248.
>>>> Today I noticed a very weird issue: I am getting an attack on one of
>>>> my dev servers, in that somebody is trying to make calls out of the box.
>>>> And he is able to register the phone via the "default" username (checked via
>>>> sngrep). I am using a complex password and there is NO USER with name
>>>> "DEFAULT" on my switch.
>>>> I tried to register the default user with any random password and it
>>>> allowed me to register on my softphone.
>>>> I am really worried, and I can't believe that it's something at FS end.
>>>> I am sure it's some mistake, can somebody help me out please.
>>>>
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>>
>>
>



-- 

Brian West | Co-founder and Developer

Need Commercial support? email sales at freeswitch.com

FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045

Email: brian at freeswitch.com

Mobile: 918-424-9378

Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
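The thread turns on two facts about the stock configuration: the "default" user in directory/default/default.xml carries no password, and because it also has no user_context variable, a registration under that name is dropped into whatever context the sofia profile itself declares ('public' on the external profile). The script below is an added audit example, not code from FreeSWITCH or from anyone in this thread. It parses the same XML shapes the thread discusses (a directory with <user> entries whose <params> may hold a "password" param and whose <variables> may hold "user_context", and a sofia profile whose "context" and "accept-blind-reg" params are read from <settings>), lists every user that would register without a password, and reports the context each such user would land in. The XML embedded in it is constructed for the example and is not the real default.xml or external.xml.

```python
"""Audit FreeSWITCH directory users that have no password, and resolve the
dialplan context each would be placed in (user_context variable if set,
otherwise the profile's own context param).

Added example; the XML below is constructed, not the shipped config."""
import xml.etree.ElementTree as ET

# Constructed directory: a passwordless "default" user with no user_context
# (the shape the thread describes), a normal user, and a user whose
# password param exists but is empty.
DIRECTORY_XML = """<include>
  <user id="default">
    <params>
      <param name="vm-password" value="1234"/>
    </params>
  </user>
  <user id="1000">
    <params>
      <param name="password" value="$${default_password}"/>
      <param name="vm-password" value="1000"/>
    </params>
    <variables>
      <variable name="user_context" value="default"/>
    </variables>
  </user>
  <user id="guest">
    <params>
      <param name="password" value=""/>
    </params>
    <variables>
      <variable name="user_context" value="default"/>
    </variables>
  </user>
</include>"""

# Constructed sofia profile settings, mirroring the thread's external
# profile: context 'public', blind registration off, port 5080.
PROFILE_XML = """<profile name="external">
  <settings>
    <param name="context" value="public"/>
    <param name="accept-blind-reg" value="false"/>
    <param name="sip-port" value="5080"/>
  </settings>
</profile>"""


def _param(node, name):
    """Value of the first <param name=NAME> under node, or None if absent."""
    for p in node.iter("param"):
        if p.get("name") == name:
            return p.get("value")
    return None


def _variable(node, name):
    """Value of the first <variable name=NAME> under node, or None if absent."""
    for v in node.iter("variable"):
        if v.get("name") == name:
            return v.get("value")
    return None


def profile_settings(profile_xml):
    """Extract the fallback context and the accept-blind-reg flag."""
    root = ET.fromstring(profile_xml)
    blind = (_param(root, "accept-blind-reg") or "false").strip().lower()
    return {"context": _param(root, "context"), "accept_blind_reg": blind == "true"}


def audit_directory(directory_xml, profile):
    """One record per user: whether a non-empty password is configured and
    the effective context (user_context if present, else the profile's)."""
    root = ET.fromstring(directory_xml)
    records = []
    for user in root.iter("user"):
        password = _param(user, "password")
        context = _variable(user, "user_context") or profile["context"]
        records.append({
            "id": user.get("id"),
            "has_password": bool(password),
            "context": context,
        })
    return records


def passwordless_users(directory_xml, profile):
    """IDs of users with a missing or empty password param."""
    return [r["id"] for r in audit_directory(directory_xml, profile) if not r["has_password"]]


if __name__ == "__main__":
    prof = profile_settings(PROFILE_XML)
    print("profile context=%s accept-blind-reg=%s" % (prof["context"], prof["accept_blind_reg"]))
    for rec in audit_directory(DIRECTORY_XML, prof):
        if not rec["has_password"]:
            print("user %r has no password; registrations land in context %r"
                  % (rec["id"], rec["context"]))
```

Run against a real install by reading each file under conf/directory/default/ and conf/sip_profiles/ instead of the embedded strings; the check is the same. A passwordless user whose effective context is only the profile's 'public' context is the situation Brian describes as harmless by design, but a passwordless user that does carry a user_context pointing at an internal dialplan (the constructed "guest" entry above) is the case worth acting on, since that registration would reach the same dialplan as an authenticated phone.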


