Bug #2958
OsmoSGSN doesn't authenticate on second/further ATTACH REQUEST
Start date:
02/17/2018
Due date:
% Done:
0%
Spec Reference:
Description
When a new/unknown MS performs an ATTACH REQUEST for the first time, it is authenticated.
However, if that same MS later performs a second ATTACH REQUEST, even with new P-TMSI/TLLI, it is not authenticated and we simply send an ATTACH ACCEPT. This is a security problem, as it means anyone can impersonate other known-existing IMSIs.