Open Source Training Seminar FreePBX Paid Support

Ticket #1208 (closed Bugs: fixed)

Opened 2 years ago

Last modified 2 years ago

freepbx displays the manager password on the gui

Reported by: diego_iastrubni Assigned to:
Priority: minor Milestone:
Component: Web interface Version: 2.2beta1
Keywords: Cc:
Confirmation: SVN Revision (if applicable):
Backend Engine: All Backend Engine Version:

Description

when freepbx tries to connect to the manager and it fails, it will display on the web gui the username and password. this can be used by an attacker to get the username and password of the manager.

i think that displaying the username and password is a security break, and should be removed. if something does not work, it should be logged, and the administrator should look into the logs in a secure way - and http is not a secure way.

Change History

11/08/06 09:29:08 changed by vgster

When I tried this I got

Cannot connect to Asterisk Manager with admin Asterisk may not be running.

It didn't show a password. I tried it with 2.2b2.

11/08/06 15:51:53 changed by RobThomas

  • status changed from new to closed.
  • resolution set to fixed.
Donate



Support
Download
Develop
Forums
News
Documentation
Paid Support
About

Paid Ads