Dale, I agree, the proxy doesn't prevent the phone from performing correctly. But the proxy allows a locally terminated call which requires authorization, with any incorrect authentication credentials which it should not. This could let a malicious user to spoof calls as a valid user.
Thanks, Arjun On Fri, Mar 26, 2010 at 5:57 PM, WORLEY, DALE R (DALE) <[email protected]> wrote: > ________________________________________ > From: [email protected] > [[email protected]] On Behalf Of Arjun Sambamoorthy > [[email protected]] > > When I make a call from a valid user registered with sipX to another > valid registered sipX user. I get a 407 Proxy authenticate challenge. > sipX accepts my MD5 response calculated with "any" (unknown/non > existing) user name and password. sipX should actually reject my > response with another 407 until I authenticate with a correct and > valid nuser name and password. > ________________________________________ > > Although it does not seem to me that this behavior on the part of the proxy > will prevent a phone that possesses correct credentials from performing > correctly. If the call is routed toward a destination that requires > authorization, the proxy will check that the presented authentication > credentials are correct for the claimed user name, and that the claimed user > name has the appropriate authorization. > > Dale > _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
