[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Linphone-users] Login details not transmitted securely
From: |
Guillaume |
Subject: |
Re: [Linphone-users] Login details not transmitted securely |
Date: |
Mon, 21 Mar 2016 09:17:48 +0100 |
What kind of connection to the server were you using? Did you enable TLS?
If using simple TCP/UDP connection, this is expected. Using TLS, you shouldn’t
be able to to that.
Best regards,
Guillaume Bienkowski
address@hidden
> Le 18 mars 2016 à 23:31, Shadow Dragon <address@hidden> a écrit :
>
> By running a MITM attack I was able to intercept login details as they
> were not properly protected.
> *note: password hash has been removed*
>
> [192.168.0.100 > 91.121.209.194:5060] [HTTP Digest AUTH] http://
> Digest: username="shadow_dragon", realm="sip.linphone.org",
> nonce="3liI2gAAAACOEVNdAACwI+TVyvwAAAAA", uri="sip:sip.linphone.org",
> response="*redacted*", algorithm=MD5,
> cnonce="24f9e2be-e1da-4d2f-b97f-b08d6df80e9e", opaque="+GNywA==",
> qop=auth, nc=00000001
>
> _______________________________________________
> Linphone-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/linphone-users