| Ed Leatherman 2007-04-05, 1:11 pm |
| I'm not sure I understand why it was a security hole, if you have it
configured to lock out after X number of attempts anyway? Or was it
something else?
On 4/5/07, CarlosOrtiz@bayviewfinancial.com <
CarlosOrtiz@bayviewfinancial.com> wrote:
>
>
> I got an answer from one of my partner SE's. FYI for everyone.
>
> <B>Symptom:</B>
>
> After calling Unity from a primary or alternate extension and entering an
> incorrect password, Unity reprompts the subscriber to enter their ID.
>
> <B>Conditions:</B>
>
> Seen with cisco Unity 4.2(1) when a subscriber calls Unity from a known
> extension (primary or alternate), and enters an incorrect password. In
> previous releases, if an incorrect password was entered, Unity would
> reprompt for the password. With sign-in enhancements in 4.2(1), Unity now
> prompts for the ID if an invalid password is received.
>
> <B>Workaround:</B>
>
> None.
>
> The Unity DE's have reported that this design modification was to fix what
> they believed to be a security hole. This will be the expected behavior
> for Unity 4.2.1 and forward. Currently there is no plan by the Unity
> Business Unit to change this behavior or give customers access to change the
> behavior.
>
>
>
>
> *Carlos Ortiz/MIA/BAY/BFTG*
>
> 04/05/2007 09:21 AM
> To
> Cisco-Voip List cc
>
> Subject
> Unity 4.2 versus 4.05
>
>
>
>
>
> In Unity 4.05 when a user enters the wrong password they are prompted to
> re-enter their password. In 4.2 they are prompted to enter their
> ID(extension) AND then their password. Is there any way to change it to
> behave like 4.05 or is this just a change we have to live with.
>
> Carlos
>
>
> ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
--
Ed Leatherman
Senior Voice Engineer
West Virginia University
Telecommunications and Network Operations
|