Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Stephen Welsh
Hi Anthony, Yes, the SSH credentials saved on the device page are available in clear text in the phone XML config, it’s not just your environment unfortunately. Also I believe the same thing applies for the Telepresence endpoints (anything running CE including the DX) for the web page admin cre

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Stephen Welsh
While we are on the subject here are some other non encrypted TFTP server items: * ConfigFileCacheList.txt * FileList.txt * BinFileCacheList.txt * PerfMon.txt * ParamList.txt * lddefault.cfg So you could use the following to get a list of all the device MAC addresses ano

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Anthony Holloway
I don't know about any of those additional files, and the FileList one was something I was looking for. Today's goal will be to write a Python script to: grab that file, then grab all phone configs, then auth against CUCM, and finally, store the credentials that worked. It might even be worth loo

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Charles Goldsmith
It's interesting, and scary, if you are on a system's network, wouldn't be hard to get people's passwords. I did confirm that I have access to about 20 different AD passwords from just 1 cluster. Thanks for the info Anthony On Thu, Mar 15, 2018 at 7:46 AM Anthony Holloway < avholloway+cisco-v...

[cisco-voip] CUBE DTMF

2018-03-15 Thread GR
Hi Guys, I am having an issue with SIP provider only supporting rfc2833. The CUBEs are configured only for rtp-nte on all dial-peers facing both the provider and the CUCM internal network (multiple clusters) Randomly one of the MGCP/h323 gateway is having issues, where it only supports OOB and

Re: [cisco-voip] CUBE DTMF

2018-03-15 Thread Prashanthi Velpula (prvelpul)
Hi GR, Can you give an example of the call flow you having issues with ? For example: IP phone(SCCP) -- > CUCM -- > MGCP/H323 -- > CUBE -- > SIP -- > Provider ? Regards Prashanthi -Original Message- From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of GR Sent:

Re: [cisco-voip] session target dns

2018-03-15 Thread Ed Leatherman
Follow-up for posterity.. I had a feeling this was the case but got some confirmation from TAC: "This is working as designed when this is an incoming call, the reason why it works that way is because on the incoming leg the call comes from 1 specific IP address, and if CUBE does a DNS query for SR

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Anthony Holloway
I didn't actually check the file contents before replying. What I meant to say was, the ConfigFileCacheList.txt is the file I was wondering if existed. Since it does, then one could write a scraping tool to search for and confirm credentials in one fell swoop. Thanks for the information, Stephen

Re: [cisco-voip] CUBE DTMF

2018-03-15 Thread Anthony Holloway
I was going to mention that CUBE doesn't support rtp-nte to sip-kpml interworking. Weird, I know. But that's how it was. However, when I went to grab the link for my source, the table has been updated, and I see that this is now supported. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice

Re: [cisco-voip] session target dns

2018-03-15 Thread Anthony Holloway
Wow. So you pointed out a flaw in the provider network. Presumably, they were hosting other customers with the same setup; so how in the world was it working for the others? Or maybe you are the beta tester? On Thu, Mar 15, 2018 at 9:54 AM Ed Leatherman wrote: > Follow-up for posterity.. > >

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Ryan Ratliff (rratliff)
There’s an internal defect on this that cites CSCvb33351 as the source of the fix for this problem, fixed in 12.0. Interestingly enough for me in Firefox (on 12.0) I don’t get ccmadmin passwords auto-populated in ssh fields, but I do get saved ssh username/passwords auto-populated in the ccmadm

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Anthony Holloway
For the record, per request via a private reply from a Cisco employee (not Ryan), I emailed the Cisco PSIRT team about this issue. On Thu, Mar 15, 2018 at 10:36 AM Ryan Ratliff (rratliff) wrote: > There’s an internal defect on this that cites CSCvb33351 as the source of > the fix for this proble

Re: [cisco-voip] session target dns

2018-03-15 Thread Ed Leatherman
I get the impression that im the first customer on these new sbc's. On Thu, Mar 15, 2018, 11:12 AM Anthony Holloway < avholloway+cisco-v...@gmail.com> wrote: > Wow. So you pointed out a flaw in the provider network. Presumably, they > were hosting other customers with the same setup; so how in

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Lelio Fulgenzi
Thank you very much for bring this to the group’s attention. And for providing some great troubleshooting steps to see whether we might be affected. Thanks to others for providing other information as well. On the one hand, I see it being a browser issue – autocompleting when it shouldn’t (al

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Lelio Fulgenzi
Curious to what the fix is Ryan? Modifying the attributes in the form? Not storing these passwords in the phone config? --- Lelio Fulgenzi, B.A. | Senior Analyst Computing and Communications Services | University of Guelph Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1

Re: [cisco-voip] session target dns

2018-03-15 Thread Anthony Holloway
Will the SIP provider remain nameless in this thread? ;) On Thu, Mar 15, 2018 at 10:58 AM Ed Leatherman wrote: > I get the impression that im the first customer on these new sbc's. > > On Thu, Mar 15, 2018, 11:12 AM Anthony Holloway < > avholloway+cisco-v...@gmail.com> wrote: > >> Wow. So you

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Anthony Holloway
It's certainly a complicated problem: . Also, Cisco is storing the password in the DB encrypted, as you could see by modifying the SQL query to: *run sql select name, sshuserid, sshpassword from device where sshuserid is not null and sshuserid <> ''* Which is what the defect Ryan posted is talki

Re: [cisco-voip] session target dns

2018-03-15 Thread Ed Leatherman
I'm not going to explicitly call them out but its in debug snippet from previous post :) It's a regional SP, in their defense they have been willing to work with me on it. On Thu, Mar 15, 2018 at 12:41 PM, Anthony Holloway < avholloway+cisco-v...@gmail.com> wrote: > Will the SIP provider remain

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Ryan Ratliff (rratliff)
With respect to storing passwords the intent for the ssh username/password field for IP phones is something that was generally not considered very sensitive info. The separation of ssh credentials from enabling SSH was also done to help mitigate the fact that this info is available to anyone by

[cisco-voip] Wireless Phones

2018-03-15 Thread Natambu Obleton
What are people using for wireless phones? Any good experiences? TIA -- Natambu Obleton CISSP #370414 CCIE #38491 Director of Network Engineering and Operations FastTrack Communications, Inc. 970.828.1009 ___ cisco-voip mailing list cisco-voip@puck.ne

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Charles Goldsmith
Interestingly, none of these files come up for me on a 11.5.1.13902 system. I can pull an XML file as Anthony showed previously, but not these files. On 9.1.2 and 11.0.1.2000 systems, I can view them just fine. Did something change in 11.5.1 or so to now allow these files? I don't receive an er

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Charles Goldsmith
Anthony, pertaining to this tidbit about 3rd party password tools, I've found at least with LastPass this is not the case. In testing this, I'm using Firefox ESR latest, on Windows 7 fully patched and the latest Lastpass update that it's still allowing firefox to insert the credentials if you have

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Anthony Holloway
Charles, Sounds good, and thank you for the input. As for clearing the SSH stuff, you could run: *run sql update device set (sshuserid, sshpassword) = ('', '') where sshuserid is not null and sshuserid <> ''* On Thu, Mar 15, 2018 at 6:50 PM Charles Goldsmith wrote: > Anthony, pertaining to th

Re: [cisco-voip] CUCM and Auto Fill Credentials

2018-03-15 Thread Benjamin Turner
Running 11.5 and I tested on a few admin users and got clear txt using the tftp address and SEPMac address.cnf.xml Dang!!! Get Outlook for Android From: cisco-voip on behalf of Anthony Holloway Sent: Thursday, March 15, 2018 9:38:11 PM

Re: [cisco-voip] CUBE DTMF

2018-03-15 Thread GR
Thanks Anthony. So no need to configure digit drop ? Even if I am doing RFC2833 on one leg and advertise both Inband and OOB on second leg. Sent from my iPhone > On 16 Mar 2018, at 2:10 am, Anthony Holloway > wrote: > > I was going to mention that CUBE doesn't support rtp-nte to sip-kpml >