From d066cb5d740dda3a45ef8db12c1426e992655d5b Mon Sep 17 00:00:00 2001
From: file <file@f38db490-d61c-443f-a65b-d21fe96a405b>
Date: Wed, 4 Nov 2009 19:15:06 +0000
Subject: Fix a security issue where sending a REGISTER with a differing
 username in the From URI and Authorization header would reveal whether it was
 valid or not.

(AST-2009-008)


git-svn-id: http://svn.digium.com/svn/asterisk/tags/1.6.0.17@227694 f38db490-d61c-443f-a65b-d21fe96a405b
---
 channels/chan_sip.c | 2 --
 1 file changed, 2 deletions(-)

(limited to 'channels')

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 0959e20dd..2da985ca3 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -11238,8 +11238,6 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
 			   Asterisk uses the From: username for authentication. We need the
 			   users to use the same authentication user name until we support
 			   proper authentication by digest auth name */
-			transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
-			break;
 		case AUTH_NOT_FOUND:
 		case AUTH_PEER_NOT_DYNAMIC:
 		case AUTH_ACL_FAILED:
-- 
cgit v1.2.3