[cisco-voip] Unity 4.2 versus 4.05 sign on

Lelio Fulgenzi lelio at uoguelph.ca
Thu Apr 5 11:45:58 EDT 2007 

Can the Cisco people on this list please let the power(s) that be know that arbitrarily calling something a 'security hole'  after 2 major versions in and more than 5 years into deployment for some places and NOT giving us the opportunity to keep using the same behaviour is, well, expected, but still dissappointing.

This is going to cause nothing but headaches from our end.

I thought Cisco was supposed to be "customer focused" ?


--------------------------------------------------------------------------------
Lelio Fulgenzi, B.A.
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
...there's no such thing as a bad timbit...

  ----- Original Message ----- 
  From: CarlosOrtiz at bayviewfinancial.com 
  To: cisco-voip at puck.nether.net 
  Sent: Thursday, April 05, 2007 10:25 AM
  Subject: Re: [cisco-voip] Unity 4.2 versus 4.05 sign on



  I got an answer from one of my partner SE's.  FYI for everyone. 

  <B>Symptom:</B> 

  After calling Unity from a primary or alternate extension and entering an incorrect password, Unity reprompts the subscriber to enter their ID. 

  <B>Conditions:</B> 

  Seen with Cisco Unity 4.2(1) when a subscriber calls Unity from a known extension (primary or alternate), and enters an incorrect password. In previous releases, if an incorrect password was entered, Unity would reprompt for the password. With sign-in enhancements in 4.2(1), Unity now prompts for the ID if an invalid password is received. 

  <B>Workaround:</B> 

  None. 

  The Unity DE's have reported that this design modification was to fix what they believed to be a security hole. This will be the expected behavior for Unity 4.2.1 and forward. Currently there is no plan by the Unity Business Unit to change this behavior or give customers access to change the behavior. 




        Carlos Ortiz/MIA/BAY/BFTG 
        04/05/2007 09:21 AM 
       To Cisco-Voip List  
              cc  
              Subject Unity 4.2 versus 4.05 

              

       


  In Unity 4.05 when a user enters the wrong password they are prompted to re-enter their password.  In 4.2 they are prompted to enter their ID(extension)  AND then their password.  Is there any way to change it to behave like 4.05 or is this just a change we have to live with. 

  Carlos 




------------------------------------------------------------------------------


  _______________________________________________
  cisco-voip mailing list
  cisco-voip at puck.nether.net
  https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20070405/aa3ba474/attachment.html

More information about the cisco-voip mailing list