Open Source Training Seminar FreePBX Paid Support

Ticket #1967 (closed Bugs: invalid)

Opened 1 year ago

Last modified 1 year ago

Security on Asterisk Logs Module

Reported by: davidmiller Assigned to:
Priority: major Milestone: 2.3
Component: Other Module Version: 2.3-branch
Keywords: Security Asterisk Log Module Cc:
Confirmation: SVN Revision (if applicable):
Backend Engine: Asterisk 1.2.x Backend Engine Version: 1.2.18

Description (Last modified by p_lindheimer)

When using DB authentication in FrePBX 2.2.1 (installed with Trixbox 2.2) the URL https://server.name.com/admin/modules/logfiles/asterisk-full-log.php can be used to view the Asterisk log without logging into FreePBX (bypassing the FreePBX DB security).

This is probably related to Bug #1482

Change History

05/31/07 08:45:48 changed by p_lindheimer

  • description changed.

06/09/07 02:39:34 changed by p_lindheimer

  • version changed from 2.2.1 to 2.3-branch.

07/12/07 18:28:21 changed by p_lindheimer

  • status changed from new to closed.
  • resolution set to invalid.

this is an apache/.htaccess config issue. We will look into putting a sample example .htaccess config file for guidance but it's going to depend on the installation.

Donate



Support
Download
Develop
Forums
News
Documentation
Paid Support
About

Paid Ads