OsmoSGSN doesn't authenticate on second/further ATTACH REQUEST
When a new/unknown MS performs an ATTACH REQUEST for the first time, it is authenticated.
However, if that same MS later performs a second ATTACH REQUEST, even with new P-TMSI/TLLI, it is not authenticated and we simply send an ATTACH ACCEPT. This is a security problem, as it means anyone can impersonate other known-existing IMSIs.
#3 Updated by lynxis about 2 months ago
- Status changed from In Progress to Stalled
- % Done changed from 0 to 50
I've started to refactor the whole GMM Attach Request handling into one fsm.
This issue is already fixed in the new fsm implementation.
I've created the ttcn3 testcase