Summary:ASTERISK-08204: Voicemail password problem with users.conf
Reporter:Dome C. (dome)Labels:
Date Opened:2006-11-28 10:31:50.000-0600Date Closed:2007-01-16 12:20:48.000-0600
Versions:Frequency of
Environment:Attachments:( 0) app_voicemail.diff
Description:I'm not sure users.conf support vm password.
when i create new account with vm. user can check vm without password.
when try to change vm password it's work untill reload config or restart asterisk.
in function change_pass in app_voicemail.c not support users.conf

Comments:By: Jason Parker (jparker) 2006-11-28 12:52:13.000-0600

This is definitely an issue, but, there are some issues with making it change users.conf instead of voicemail.conf.

If you set hassip or hasiax or whatever, and change your password from voicemail, it would ALSO change your sip/iax/whatever password, which means your phone would pretty much immediately stop working.

Basically, we have two options.  I don't know which one is best, and I think it's going to take a bit of discussion to figure it out.

1) "Fix" voicemail so that you can change the password in users.conf.  As stated above, this would break phones which are using that account/password.
2) Disable the ability to change password when using users.conf.  Obviously, this is removing functionality.

By: Dome C. (dome) 2006-12-01 01:47:47.000-0600

My idea add new variable in users.conf may be vmpassword=?????.
and modify change_pass in app_voicemail.c

By: James Lyons (james) 2007-01-03 16:02:23.000-0600

I think this is a decent solution to this problem, rather than breaking other features or removing functionality, a workaround using vmpassword should be the only logical solution. Voicemail should edit this in users.conf

By: Edgar Molina (dongato) 2007-01-08 10:59:46.000-0600

My workaround for this issue (It is not the best solution but it even works and it maintains the password after being restart asterisk. I can  check vm with password).

I create mailbox in voicemail.conf with his password.

For example

102 => 123

I am only tester of asterisk. I hope by the solution of this problem .

"I tested asterisk release 1.4.0 tallbar and asterisk GUI"

By: Andrew Payne (payne92) 2007-01-08 14:30:29.000-0600

Ideally, we could support the use of a one-way hash function to store the user passwords, so that it's not possible to steal a VM password by getting the contents of this file.  Many users (unfortunately) use their VM password for other systems, for their bank-card PIN, etc.   As such, clear-text access to passwords can be a signfiicant security problem.

BTW, This is the same issue with the way passwords are stored in Unix-based systems in /etc/password or /etc/shadow.

To accomodate text editing and backwards compatibility, we could have a special prefix char that indicates a "hashed" password, e.g.:


Where the ":" indicates that the password is a hash, and not the actual password.

By: Jason Parker (jparker) 2007-01-08 14:34:43.000-0600

There are much MUCH easier ways to "steal" a password.  To read users.conf, you'd have to already have access to the system.  If you have access to the system, there are dozens of ways the password could be "sniffed".  That is a non-issue, and isn't related this this bug at all.

By: Andrew Payne (payne92) 2007-01-08 14:39:48.000-0600

I just disagree.  Your same line of argument applies to /etc/passwd, yet those passwords are hashed for a good design reason.

And this issue is directly related to this bug, because this bug is about how/where to store user VM passwords, and distinguish them from SIP device secrets (see related bug ASTERISK-8230).

By: Jason Parker (jparker) 2007-01-08 15:58:09.000-0600

1) It would take all of 2 seconds to sniff the password from the rtp stream.
2) This would be a new feature, and wouldn't go into asterisk 1.4
3) It would take about 2 minutes to generate a hash of all 10,000 possibilities (with a 4 digit numeric password), and about 2 seconds to crack it using that hash.

This is not the solution, and it's still not related to this bug.

By: Jason Parker (jparker) 2007-01-08 17:44:32.000-0600

Note for anybody working on a patch for this: With the committal of 8761, we may need to be aware of the fact that the "secret" field may exist (depending on the approach taken to fix this, of course).

By: Anthony LaMantia (alamantia) 2007-01-08 17:46:35.000-0600

qwell, I am working on a patch for this issue right now ;) and have taken note of your recent changes.

By: Anthony LaMantia (alamantia) 2007-01-10 12:32:59.000-0600

in my branch located at http://svn.digium.com/view/asterisk/team/anthonyl/usersconf-vmpassword/

most of the changes required to fix the problem mentioned in this bug are in.
there is a new variable in users.conf called vmpasswrd. if vmpassword isn't set but hasvoicemail is, secret will be used as the voicemail password.

also when changing the voicemail password, the entries in voicemail.conf  as well as users.conf will be updated. if the entires for the user exist in either.

there is still a small amount of work i need to do on this issue, and i will update this issue once i am finished.

By: Anthony LaMantia (alamantia) 2007-01-10 15:00:25.000-0600

i've updated my branch, if anyone wants to test the code out it would be great.
the last bit i still have to add support for is adding vmpassword to the users entry in users.conf in the case that users.conf is being used and vmpassword is not yet set.

By: Sergey Basmanov (sb) 2007-01-11 09:42:03.000-0600

Well, I think best way is to create separate passwords file. Similar to what I did with Authenticate() with md5 hashes. Dealing with config files is not good idea. I never liked idea to keep cleartext passwords in file, especially with other options. I think that in users.conf must be kept first-time cleartext password. And app_vm must check external file first, if password exists. Then look in users.conf, and if password match - present option to change password. Like option 'User must change password on next logon' in winnt. After user enters new password, it stored to external file, and password in users.conf will never be used again.
Any comments?

By: Anthony LaMantia (alamantia) 2007-01-11 12:15:17.000-0600

you really should post you thoughts on that matter to the asterisk-dev list, right now the only thing we should be working towards on this issue in the mantis is getting the existing code working, and resolving the users.conf issue.

you ideas are not bad, this is just really the wrong channel to discuss them.

By: Sergey Basmanov (sb) 2007-01-12 03:52:41.000-0600

Well, actually this is not only idea. I urgently need this feature, so I will write a patch in day-two. I just asked people who watching this issue for comments on my idea. If everything looks fine - I start working on it. Of course, I will post patch here.

By: Sergey Basmanov (sb) 2007-01-12 07:37:07.000-0600

Ok, here it is. Creates file AST_CONF_DIR/vmpasswd
I tested it on my system and it works.
Diff against 1.4.0
Comments are welcome.

By: Anthony LaMantia (alamantia) 2007-01-12 11:35:41.000-0600

please make a new issue regarding this patch.

By: Anthony LaMantia (alamantia) 2007-01-12 17:37:23.000-0600

dome, can you test my branch so we can verify it's working for you?

By: Anthony LaMantia (alamantia) 2007-01-16 12:20:17.000-0600

the changes to resolve this have been commited to 1.4 and trunk.