Cisco Phone User/Password sent in plaintext over network
I was just attempting to diagnose a problem pushing a particular <CiscoIPhoneExecute> xml tag to the phone. I was running a network sniffer on the PC port of my 7960 phone to watch the traffic and discovered something rather troubling.
When you post to the phone, it validates your credentials by doing an http post to the http://CallManager/CCMUser/authenticate.asp. The problem is that the username and password are sent in plaintext and are readily visible in the packets. Anyone running a sniffer on the PC port of the phone can see the username password.
Obviously this is a huge issue for those folks pushing content to the phones using a master user asssociate with all of the phones. Anyone with this password can mess with any of the phones.
I'm running CM 3.1.2(c). I understand some of the phone loads or configurations do not echo all of the phone traffic to the PC port?
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...
If you have 2 ISR routers, one acting as Failover, do we need to have both the same number of SRST licenses on the 2 routers?
No. You will only need the SRST licenses on the primary router. Because this feature...