diff options
author | file <file@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-11-04 19:14:30 +0000 |
---|---|---|
committer | file <file@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-11-04 19:14:30 +0000 |
commit | 3b86db62d7d5b72cbcdf2bf2953ab671f9408da3 (patch) | |
tree | d1472eaac2a5cadc412a09563c29d4deabd0a059 | |
parent | d33c31eefd0c219396649177bb31145e92d26d05 (diff) |
Fix a security issue where sending a REGISTER with a differing username in the From
URI and Authorization header would reveal whether it was valid or not.
(AST-2009-008)
git-svn-id: http://svn.digium.com/svn/asterisk/tags/1.4.26.3@227692 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r-- | channels/chan_sip.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 98be29093..a241469ae 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -9208,8 +9208,6 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr Asterisk uses the From: username for authentication. We need the users to use the same authentication user name until we support proper authentication by digest auth name */ - transmit_response(p, "403 Authentication user name does not match account name", &p->initreq); - break; case AUTH_NOT_FOUND: case AUTH_PEER_NOT_DYNAMIC: case AUTH_ACL_FAILED: |