<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.3059" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2>It only takes one professor who raised 15 million dollars in
research money to complain loud enough where we would be required to back out of
these changes. :(</FONT></DIV>
<DIV> </DIV>
<DIV>--------------------------------------------------------------------------------<BR>Lelio
Fulgenzi, B.A.<BR>Senior Analyst (CCS) * University of Guelph * Guelph, Ontario
N1G 2W1<BR>(519) 824-4120 x56354 (519) 767-1060 FAX
(JNHN)<BR>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<BR>...there's no such thing as a bad timbit...<BR></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=craig@staffin.org href="mailto:craig@staffin.org">Craig Staffin</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=lelio@uoguelph.ca
href="mailto:lelio@uoguelph.ca">Lelio Fulgenzi</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Cc:</B> <A title=cisco-voip@puck.nether.net
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Thursday, April 05, 2007 11:50
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [cisco-voip] Unity 4.2
versus 4.05 sign on</DIV>
<DIV><BR></DIV>just curious but how many people do you have typing in the
wrong passwords?<BR><BR>on almost all of the legacy TDM systems this has been
normal for the past 15 years.<BR><BR>Craig<BR><BR>
<DIV><SPAN class=gmail_quote>On 4/5/07, <B class=gmail_sendername>Lelio
Fulgenzi</B> <<A href="mailto:lelio@uoguelph.ca">lelio@uoguelph.ca</A>>
wrote:</SPAN>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV bgcolor="#ffffff">
<DIV><FONT size=2>Can the Cisco people on this list please let the power(s)
that be know that arbitrarily calling something a 'security hole'
after 2 major versions in and more than 5 years into deployment for some
places and NOT giving us the opportunity to keep using the same
behaviour is, well, expected, but still dissappointing.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>This is going to cause nothing but headaches from our
end.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>I thought Cisco was supposed to be "customer focused"
?</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV> </DIV>
<DIV><FONT
size=2>--------------------------------------------------------------------------------<BR>Lelio
Fulgenzi, B.A.<BR>Senior Analyst (CCS) * University of Guelph * Guelph,
Ontario N1G 2W1<BR>(519) 824-4120 x56354 (519) 767-1060 FAX
(JNHN)<BR>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<BR>...there's no such thing as a bad timbit...<BR></FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(0,0,0) 2px solid; MARGIN-RIGHT: 0px">
<DIV
style="FONT: 10pt arial; font-size-adjust: none; font-stretch: normal">-----
Original Message ----- </DIV>
<DIV
style="BACKGROUND: rgb(228,228,228) 0% 50%; FONT: 10pt arial; font-size-adjust: none; font-stretch: normal; moz-background-clip: -moz-initial; moz-background-origin: -moz-initial; moz-background-inline-policy: -moz-initial"><B>From:</B>
<A title=CarlosOrtiz@bayviewfinancial.com
onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:CarlosOrtiz@bayviewfinancial.com"
target=_blank>CarlosOrtiz@bayviewfinancial.com</A> </DIV>
<DIV
style="FONT: 10pt arial; font-size-adjust: none; font-stretch: normal"><B>To:</B>
<A title=cisco-voip@puck.nether.net
onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:cisco-voip@puck.nether.net"
target=_blank>cisco-voip@puck.nether.net</A> </DIV>
<DIV
style="FONT: 10pt arial; font-size-adjust: none; font-stretch: normal"><B>Sent:</B>
Thursday, April 05, 2007 10:25 AM</DIV>
<DIV
style="FONT: 10pt arial; font-size-adjust: none; font-stretch: normal"><B>Subject:</B>
Re: [cisco-voip] Unity 4.2 versus 4.05 sign on</DIV>
<DIV><BR></DIV><BR><FONT face=sans-serif size=2>I got an answer from one
of my partner SE's. FYI for everyone.</FONT> <BR>
<P><FONT size=2><B>Symptom:</B></FONT><FONT size=3>
</FONT></P>
<P><FONT size=2>After calling Unity from a primary or alternate extension
and entering an incorrect password, Unity reprompts the subscriber to
enter their ID.</FONT><FONT size=3> </FONT></P>
<P><FONT size=2><B>Conditions:</B></FONT><FONT size=3>
</FONT></P>
<P><FONT size=2>Seen with Cisco Unity 4.2(1) when a subscriber calls Unity
from a known extension (primary or alternate), and enters an incorrect
password. In previous releases, if an incorrect password was entered,
Unity would reprompt for the password. With sign-in enhancements in
4.2(1), Unity now prompts for the ID if an invalid password is
received.</FONT><FONT size=3> </FONT></P>
<P><FONT size=2><B>Workaround:</B></FONT><FONT size=3>
</FONT></P>
<P><FONT size=2>None.</FONT><FONT size=3> </FONT></P>
<P><FONT size=2>The Unity DE's have reported that this design modification
was to fix what they believed to be a security hole.</FONT><FONT size=3>
</FONT><FONT size=2>This will be the expected behavior for Unity 4.2.1 and
forward.</FONT><FONT size=3> </FONT><FONT size=2>Currently there is no
plan by the Unity Business Unit to change this behavior or give customers
access to change the behavior.</FONT><FONT size=3> </FONT></P>
<P><BR><BR><BR>
<TABLE width="100%">
<TBODY>
<TR vAlign=top>
<TD width="40%"><FONT face=sans-serif size=1><B>Carlos
Ortiz/MIA/BAY/BFTG</B> </FONT>
<P><FONT face=sans-serif size=1>04/05/2007 09:21 AM</FONT> </P></TD>
<TD width="59%">
<TABLE width="100%">
<TBODY>
<TR vAlign=top>
<TD>
<DIV align=right><FONT face=sans-serif
size=1>To</FONT></DIV></TD>
<TD><FONT face=sans-serif size=1>Cisco-Voip List</FONT> </TD></TR>
<TR vAlign=top>
<TD>
<DIV align=right><FONT face=sans-serif
size=1>cc</FONT></DIV></TD>
<TD></TD></TR>
<TR vAlign=top>
<TD>
<DIV align=right><FONT face=sans-serif
size=1>Subject</FONT></DIV></TD>
<TD><FONT face=sans-serif size=1>Unity 4.2 versus
4.05</FONT></TD></TR></TBODY></TABLE><BR>
<TABLE>
<TBODY>
<TR vAlign=top>
<TD></TD>
<TD></TD></TR></TBODY></TABLE><BR></TD></TR></TBODY></TABLE><BR><BR><FONT
face=sans-serif size=2>In Unity 4.05 when a user enters the wrong password
they are prompted to re-enter their password. In 4.2 they are
prompted to enter their ID(extension) AND then their password.
Is there any way to change it to behave like 4.05 or is this just a
change we have to live with.</FONT> <BR><BR><FONT face=sans-serif
size=2>Carlos</FONT> <BR></P>
<P></P>
<HR>
<P></P>_______________________________________________<BR>cisco-voip
mailing list<BR><A onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:cisco-voip@puck.nether.net"
target=_blank>cisco-voip@puck.nether.net</A><BR><A
onclick="return top.js.OpenExtLink(window,event,this)"
href="https://puck.nether.net/mailman/listinfo/cisco-voip"
target=_blank>https://puck.nether.net/mailman/listinfo/cisco-voip</A><BR>
<P></P>
<P></P>
<P></P>
<P></P>
<P></P>
<P></P>
<P></P>
<P></P>
<P></P></BLOCKQUOTE></DIV><BR>_______________________________________________<BR>cisco-voip
mailing list<BR><A onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A><BR><A
onclick="return top.js.OpenExtLink(window,event,this)"
href="https://puck.nether.net/mailman/listinfo/cisco-voip"
target=_blank>https://puck.nether.net/mailman/listinfo/cisco-voip</A><BR><BR></BLOCKQUOTE></DIV><BR><BR
clear=all><BR>-- <BR>Craig Staffin<BR><A
href="mailto:Craig@staffin.org">Craig@staffin.org</A><BR>(H)
262-437-7313<BR>(C) 262-613-6003 </BLOCKQUOTE></BODY></HTML>