Problem authenticated with IAX and Asterisk

Good night,

Staff would like first to thank them by the list of discussion.

I am new here and I have a small question to see if someone could help me.

Well I am doing some testing with the Asterisk on authentication and vulnerabilities involving IAX and SIP.

When I use the parameter in IAX.conf md5secret = hash_retornado by command (echo-n “user: realm: password” | md5sum), I can only register with Asterisk server but not authentic or me returns the message registered unauthenticated. When I use the secret only, I can register and authenticate me.
This way I can hold call.The IAX or Asterisk should block the users because they are not authenticated, only registered, but i am doing calls normaly.

Anyone know if you have a registration process and authentication in IAX which differs from SIP? Or why the message of no authentication?

Thanks to all.

Alex Nogueira