Package: repro
Version: 1.8.5-1
Severity: important

According to the SIP RFCs, SIP DIGEST authentication is meant to operate much like HTTP DIGEST authentication. Although not specified explicitly in the SIP RFCs, this means that like HTTP proxies, SIP proxies should remove any Proxy-Authorization headers that relate to their own realm (after validating the credentials of course).

repro is leaving Proxy-Authorization headers intact when relaying SIP messages to other proxies or their final destination. This is bad for interoperability and security.

- interoperability: FreeSWITCH fails to accept such packets completely (observed during late 2012 in a conf call with the FreeSWITCH team)
- security: although the password is not revealed (due to the DIGEST algorithm), the username for the realm is propagated downstream. This may not be desirable.

Upstream has fixed this in v1.8.6
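
The behaviour the report asks for, as an added example that is not repro's code and not part of the original report: before relaying, drop only the Proxy-Authorization headers whose realm is the proxy's own and leave credentials for other realms intact. The function name, the realm names and the sample message are constructed, and realm matching is assumed to be an exact string comparison.

```python
import re

# Matches realm="..." inside a Digest credential (quoted-string with escapes).
_REALM = re.compile(r'\brealm\s*=\s*"((?:[^"\\]|\\.)*)"', re.IGNORECASE)


def strip_own_realm_credentials(message: str, own_realm: str) -> str:
    """Drop Proxy-Authorization headers for own_realm; keep everything else."""
    head, sep, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    # Group folded continuation lines (leading SP/HTAB) with their header.
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:
            headers[-1].append(line)
        else:
            headers.append([line])
    kept = [lines[0]]  # request line / status line is never touched
    for group in headers:
        name, _, value = "".join(group).partition(":")
        if name.strip().lower() == "proxy-authorization":
            m = _REALM.search(value)
            if m and m.group(1) == own_realm:
                continue  # credentials were for this proxy: do not relay
        kept.extend(group)
    return "\r\n".join(kept) + sep + body


# Constructed sample request; all names and digest values are made up.
SAMPLE = "\r\n".join([
    "INVITE sip:bob@downstream.example.net SIP/2.0",
    "Via: SIP/2.0/UDP client.example.org;branch=z9hG4bK776asdhds",
    'Proxy-Authorization: Digest username="alice-internal",',
    ' realm="proxy.example.org", nonce="abc",',
    ' uri="sip:bob@downstream.example.net",',
    ' response="00000000000000000000000000000000"',
    'proxy-authorization: Digest username="alice",',
    ' realm="downstream.example.net", nonce="def",',
    ' uri="sip:bob@downstream.example.net",',
    ' response="11111111111111111111111111111111"',
    "Content-Length: 4",
    "",
    "test",
])

if __name__ == "__main__":
    print(strip_own_realm_credentials(SAMPLE, "proxy.example.org"))
```

The call belongs after the credentials have been validated, so that a request with bad credentials is still challenged rather than forwarded without them.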

