Hi Henning, the sequence number is not checked because it is not stored in the auth module. Actually there is no information kept by the module during the challenge and response.
regards, bogdan Henning Westerholt wrote: > On Friday 30 November 2007, Klaus Darilion wrote: > >>> Revision: 3232 >>> http://openser.svn.sourceforge.net/openser/?rev=3232&view=rev >>> Author: henningw >>> Date: 2007-11-29 08:14:33 -0800 (Thu, 29 Nov 2007) >>> >>> Log Message: >>> ----------- >>> - enable qop mode for auth challenge function, as recommended in >>> documentation >>> >> As openser does not check sequence numbers there is actually no benefit >> of security :-( >> > > Hi Klaus, > > do you have more informations about this problem? Was this discussed on the > list in the past? Why is this not checked? > > Cheers, > > Henning > > _______________________________________________ > Devel mailing list > [email protected] > http://lists.openser.org/cgi-bin/mailman/listinfo/devel > > _______________________________________________ Devel mailing list [email protected] http://lists.openser.org/cgi-bin/mailman/listinfo/devel
