I'm not sure I understand why it was a security hole, if you have it configured to lock out after X number of attempts anyway? Or was it something else?<br><br><div><span class="gmail_quote">On 4/5/07, <b class="gmail_sendername">
<a href="mailto:CarlosOrtiz@bayviewfinancial.com">CarlosOrtiz@bayviewfinancial.com</a></b> <<a href="mailto:CarlosOrtiz@bayviewfinancial.com">CarlosOrtiz@bayviewfinancial.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><font face="sans-serif" size="2">I got an answer from one of my partner
SE's. FYI for everyone.</font>
<br>
<p><font size="2"><B>Symptom:</B></font><font size="3"> </font>
</p><p><font size="2">After calling Unity from a primary or alternate extension
and entering an incorrect password, Unity reprompts the subscriber to enter
their ID.</font><font size="3"> </font>
</p><p><font size="2"><B>Conditions:</B></font><font size="3"> </font>
</p><p><font size="2">Seen with Cisco Unity 4.2(1) when a subscriber calls Unity
from a known extension (primary or alternate), and enters an incorrect
password. In previous releases, if an incorrect password was entered, Unity
would reprompt for the password. With sign-in enhancements in 4.2(1), Unity
now prompts for the ID if an invalid password is received.</font><font size="3">
</font>
</p><p><font size="2"><B>Workaround:</B></font><font size="3"> </font>
</p><p><font size="2">None.</font><font size="3"> </font>
</p><p><font size="2">The Unity DE's have reported that this design modification
was to fix what they believed to be a security hole.</font><font size="3">
</font><font size="2">This will be the expected behavior for Unity 4.2.1
and forward.</font><font size="3"> </font><font size="2">Currently there is
no plan by the Unity Business Unit to change this behavior or give customers
access to change the behavior.</font><font size="3"> </font>
</p><p>
<br>
<br>
<br>
<table width="100%">
<tbody><tr valign="top">
<td width="40%"><font face="sans-serif" size="1"><b>Carlos Ortiz/MIA/BAY/BFTG</b>
</font>
<p><font face="sans-serif" size="1">04/05/2007 09:21 AM</font>
</p></td><td width="59%">
<table width="100%">
<tbody><tr valign="top">
<td>
<div align="right"><font face="sans-serif" size="1">To</font></div>
</td><td><font face="sans-serif" size="1">Cisco-Voip List</font>
</td></tr><tr valign="top">
<td>
<div align="right"><font face="sans-serif" size="1">cc</font></div>
</td><td>
<br></td></tr><tr valign="top">
<td>
<div align="right"><font face="sans-serif" size="1">Subject</font></div>
</td><td><font face="sans-serif" size="1">Unity 4.2 versus 4.05</font></td></tr></tbody></table>
<br>
<table>
<tbody><tr valign="top">
<td>
<br></td><td><br></td></tr></tbody></table>
<br></td></tr></tbody></table>
<br>
<br><font face="sans-serif" size="2">In Unity 4.05 when a user enters the
wrong password they are prompted to re-enter their password. In 4.2
they are prompted to enter their ID(extension) AND then their password.
Is there any way to change it to behave like 4.05 or is this just
a change we have to live with.</font>
<br>
<br><font face="sans-serif" size="2">Carlos</font>
<br></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><br>_______________________________________________<br>cisco-voip mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:cisco-voip@puck.nether.net">
cisco-voip@puck.nether.net</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
<br><br></blockquote></div><br><br clear="all"><br>-- <br>Ed Leatherman<br>Senior Voice Engineer<br>West Virginia University<br>Telecommunications and Network Operations