Ahhh…
One of the usual suspects. Thanks for the follow up for the benefit of others.
BTW…
the iax password is preformed by asterisk and we do use a older version of asteisk that will still support app_rpt
So, yes, it is a bit vintage. If it concerns you for security, make it longer.
and/or make sure you are running your firewall & fail2ban.