Good night,
Staff would like first to thank them by the list of discussion.
I am new here and I have a small question to see if someone could help me.
Well I am doing some testing with the Asterisk on authentication and vulnerabilities involving IAX and SIP.
When I use the parameter in IAX.conf md5secret = hash_retornado by command (echo-n “user: realm: password” | md5sum), I can only register with Asterisk server but not authentic or me returns the message registered unauthenticated. When I use the secret only, I can register and authenticate me.
This way I can hold call.The IAX or Asterisk should block the users because they are not authenticated, only registered, but i am doing calls normaly.
Anyone know if you have a registration process and authentication in IAX which differs from SIP? Or why the message of no authentication?
Thanks to all.
Alex Nogueira