[Serusers] hijack another account

kcassidy at kakelma.mine.nu kcassidy at kakelma.mine.nu
Thu Dec 2 14:11:18 CET 2004


Hi All,

  I found an interesting problem. Set up is using xlite, SER 0.8.12 with 
digest authentication enabled.  I just realized that after I get 
registered with account A.  Then change the "username" (keep authorization 
user to A) in Xlite to someone's  SIP account (B).  I can make calls using 
B's credits while registration  I'm using is still A's.  Is there a way to 
fix this?

In xlite you have parameters:

Username: (use for actual call, pass on to GW (e.g. pstn) 
Authorization User: (use for registration)
Password: (use for registration)




More information about the sr-users mailing list