Show Posts
1
MiVoice Office 250/Mitel 5000 / Re: SIP Password length
« on: March 16, 2023, 01:26:26 PM »
Sorry to dig up a very old thread, but I wanted to post this in case anyone comes along here in the future, like I did. My version of Mitel 5000 CP does *NOT* support passwords longer than 12 characters. If you input a longer password, it will simply trim all the extra characters.
Software Release Version: 5.1 SP4 PR5
Call Processing Version: 5.1.0.52
Mitel System Administration & Diagnostics Version: 5.2.20.0 (64-Bit)
I confirmed this using packet captures and checking the 2nd SIP REGISTER packet. (The one with the Digest Authentication Response in Wireshark.) Mitel's response did not match the expected response, if you use the below formulas. However, if I truncated my password to 12 characters and ran it through the formulas again, it matched what Mitel was sending.
HA1 = Lowercase MD5 of: {Username}:{Digest Realm}:{Password}
HA2 = Lowercase MD5 of: {Method}:{Digest Authentication URI}
Response = Lowercase MD5 of: {HA1}:{Digest Nonce}:{Digest Nonce Count}:{Digest CNonce}:{Digest QOP}:{HA2}
Note: Method is "REGISTER" when you're registering a SIP trunk, and typically QOP will be "auth", in my experience.
This is also just useful information if you ever want to check that you're sending the correct password when you go through a packet capture. If you're not using CNonce, the formula would just be:
Response = Lowercase MD5 of: {HA1}:{Digest Nonce}:{HA2}
On a side note, I also got 403 Authentication Failure back from my response, but that could just be my SIP provider giving the wrong reply codes.
Software Release Version: 5.1 SP4 PR5
Call Processing Version: 5.1.0.52
Mitel System Administration & Diagnostics Version: 5.2.20.0 (64-Bit)
I confirmed this using packet captures and checking the 2nd SIP REGISTER packet. (The one with the Digest Authentication Response in Wireshark.) Mitel's response did not match the expected response, if you use the below formulas. However, if I truncated my password to 12 characters and ran it through the formulas again, it matched what Mitel was sending.
HA1 = Lowercase MD5 of: {Username}:{Digest Realm}:{Password}
HA2 = Lowercase MD5 of: {Method}:{Digest Authentication URI}
Response = Lowercase MD5 of: {HA1}:{Digest Nonce}:{Digest Nonce Count}:{Digest CNonce}:{Digest QOP}:{HA2}
Note: Method is "REGISTER" when you're registering a SIP trunk, and typically QOP will be "auth", in my experience.
This is also just useful information if you ever want to check that you're sending the correct password when you go through a packet capture. If you're not using CNonce, the formula would just be:
Response = Lowercase MD5 of: {HA1}:{Digest Nonce}:{HA2}
On a side note, I also got 403 Authentication Failure back from my response, but that could just be my SIP provider giving the wrong reply codes.