A New Internet-Draft is available from the on-line Internet-Drafts
directories.
Title : SIP digest authentication relay attack
Author(s) : R. State, O. Festor, H. Abdelnur, V. Pascual, J. Kuthan
Filename : draft-state-sip-relay-attack-00.txt
Pages : 18
Date : 2009-3-2
The Session Initiation Protocol (SIP [RFC3261]) provides a mechanism
for creating, modifying, and terminating sessions with one or more
participants. This document describes a vulnerability of SIP
combined with HTTP Digest Access Authentication [RFC2617] through
which an attacker can leverage the victim's credentials to send
authenticated requests on his behalf. This attack is different from
the man-in-the-middle (MITM) attack and does not require any
eavesdropping, DNS or IP spoofing.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-state-sip-relay-attack-00.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-state-sip-relay-attack-00.txt>
-
_______________________________________________
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
