[OpenSER-Devel] nonce errors in trunk

Dan Pascu dan at ag-projects.com
Fri Jun 6 23:38:49 CEST 2008


Bogdan-Andrei Iancu wrote:
> Juha,
>
> I'm not saying that re-using the nonce is against RFC and that the phone 
> is broken  - I'm saying it is a security issue (stolen credentials) and 
> rejecting such auth requests does not break anything.
>   

Can this new security mechanism be disabled (in case something goes 
wrong and cannot be easily fixed), so that it'll go back to the old 
behavior?

-- 
Dan




More information about the Devel mailing list