Juha,

I'm not saying that re-using the nonce is against the RFC and that the phone 
is broken - I'm saying it is a security issue (stolen credentials) and 
rejecting such auth requests does not break anything.

Regards,
Bogdan

Juha Heinanen wrote:
> Bogdan-Andrei Iancu writes:
>
>  > The errors you are seeing are a result of the new nonce security check 
>  > that was added in trunk. See:
>  >        http://lists.openser.org/pipermail/users/2008-June/017719.html
>  > 
>  > Probably you have in the network some UACs that try to reuse a nonce 
>  > for multiple authentications.
>
> the UA in question is cisco/linksys spa941.  it does not surprise me at
> all if cisco cannot implement the rfcs their own people are writing.
>
> -- juha
>
>   


_______________________________________________
Devel mailing list
Devel@lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/devel
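
The check discussed in this thread, sketched as an added example (not OpenSER's code and not part of the original messages): a server that accepts each digest nonce once, so a captured Authorization header cannot be replayed. The nonce layout, the 30-second lifetime and all names here are assumptions made for illustration.

```python
import hashlib, hmac, os, time

SECRET = os.urandom(16)  # server-side key that authenticates issued nonces
NONCE_TTL = 30           # seconds a nonce stays valid (constructed value)

def md5hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    # RFC 2617 digest without qop: MD5(HA1:nonce:HA2)
    ha1 = md5hex(f"{user}:{realm}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")

def _mac(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()[:16]

class NonceChecker:
    def __init__(self):
        self.used = {}  # nonce -> expiry time, kept only until the nonce expires

    def new_nonce(self, now=None):
        now = int(time.time() if now is None else now)
        body = f"{now:08x}{os.urandom(8).hex()}"  # timestamp + random part
        return body + _mac(body)

    def check(self, nonce, now=None):
        now = int(time.time() if now is None else now)
        body, mac = nonce[:24], nonce[24:]
        if len(nonce) != 40 or not hmac.compare_digest(mac, _mac(body)):
            return "invalid"   # not issued by this server
        expiry = int(body[:8], 16) + NONCE_TTL
        if now > expiry:
            return "stale"     # client needs a fresh challenge
        self.used = {n: e for n, e in self.used.items() if e >= now}
        if nonce in self.used:
            return "reused"    # same nonce presented again: reject
        self.used[nonce] = expiry
        return "ok"

def authenticate(checker, password, realm, hdr, method, now=None):
    # hdr: fields parsed from the Authorization header (hypothetical dict shape)
    good = digest_response(hdr["username"], realm, password, method,
                           hdr["uri"], hdr["nonce"])
    if not hmac.compare_digest(good, hdr["response"]):
        return "bad-credentials"
    return checker.check(hdr["nonce"], now)
```

A UA that answers every challenge with a fresh nonce always gets "ok"; one that re-sends an earlier header, like the reuse described above, gets "reused" and has to be challenged again.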
