Re: [Linphone-users] Login details not transmitted securely

linphone-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-users] Login details not transmitted securely

From:	Guillaume
Subject:	Re: [Linphone-users] Login details not transmitted securely
Date:	Mon, 21 Mar 2016 09:17:48 +0100

What kind of connection to the server were you using? Did you enable TLS?
If using simple TCP/UDP connection, this is expected. Using TLS, you shouldn’t 
be able to to that.

Best regards,
Guillaume Bienkowski
address@hidden



> Le 18 mars 2016 à 23:31, Shadow Dragon <address@hidden> a écrit :
> 
> By running a MITM attack I was able to intercept login details as they
> were not properly protected.
> *note: password hash has been removed*
> 
> [192.168.0.100 > 91.121.209.194:5060] [HTTP Digest AUTH] http://
> Digest: username="shadow_dragon", realm="sip.linphone.org",
> nonce="3liI2gAAAACOEVNdAACwI+TVyvwAAAAA", uri="sip:sip.linphone.org",
> response="*redacted*", algorithm=MD5,
> cnonce="24f9e2be-e1da-4d2f-b97f-b08d6df80e9e", opaque="+GNywA==",
> qop=auth, nc=00000001
> 
> _______________________________________________
> Linphone-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/linphone-users

[Prev in Thread]

Current Thread

[Next in Thread]

[Linphone-users] Login details not transmitted securely, Shadow Dragon, 2016/03/18
- Re: [Linphone-users] Login details not transmitted securely, Guillaume <=

Prev by Date: [Linphone-users] Unable to register
Next by Date: [Linphone-users] Trying to get working outgoing call with Linphonecsh and Hipath4000 HG3550v2 Module
Previous by thread: [Linphone-users] Login details not transmitted securely
Next by thread: [Linphone-users] Linphone Android quirks (snapshot 3.1.0-26)
Index(es):
- Date
- Thread