FreePBX / FREEPBX-22216

Attempts to brute force the password for the web interface (UCP and Admin) are incorrectly recorded in the log files


    Details

    • Distro: FreePBX Distro

      Description

      Hi,

      I found that attempts to guess the password for the web interface are not recorded correctly in the logs.

      In case of entering incorrect data in the login and password input fields, the following entry is written to the log:

       SECURITY[13168]: res_security_log.c:114 security_event_stasis_cb: SecurityEvent="SuccessfulAuth",EventTV="2021-01-25T11:59:50.958+0300",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1ba3b90",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/60158",UsingPassword="0",SessionTV="2021-01-25T11:59:50.958+0300"
      

       

       

      And, for example, unsuccessful attempts to connect via SIP are displayed like this:

      
      NOTICE[7274]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'REGISTER' from '"1666" <sip:1666@X.X.X.X>' failed for '52.162.203.157:5499' (callid: 1339578320) - Failed to authenticate
      

      and these addresses are blocked by the firewall regardless of the selected zone.
      I checked this from different IP addresses; the result is always the same.

       


              People

              • Assignee:
                Unassigned
                Reporter:
                snaggy snaggy
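Added example (not part of the original report and not FreePBX or Asterisk code): a Python check that parses the two log lines quoted in the description and reports, for each, whether it carries a failure event and a remote address that a log-based blocker could act on. The `FAILURE_EVENTS` subset and the function names `classify` and `is_actionable` are assumptions of this example.

```python
import ipaddress
import re

# The two log lines quoted in the report above.
WEB_LOGIN_LINE = (
    'SECURITY[13168]: res_security_log.c:114 security_event_stasis_cb: '
    'SecurityEvent="SuccessfulAuth",EventTV="2021-01-25T11:59:50.958+0300",'
    'Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",'
    'SessionID="0x1ba3b90",LocalAddress="IPV4/TCP/0.0.0.0/5038",'
    'RemoteAddress="IPV4/TCP/127.0.0.1/60158",UsingPassword="0",'
    'SessionTV="2021-01-25T11:59:50.958+0300"')
SIP_FAIL_LINE = (
    "NOTICE[7274]: res_pjsip/pjsip_distributor.c:676 log_failed_request: "
    "Request 'REGISTER' from '\"1666\" <sip:1666@X.X.X.X>' failed for "
    "'52.162.203.157:5499' (callid: 1339578320) - Failed to authenticate")

# Assumption: a subset of Asterisk security event names treated as failures.
FAILURE_EVENTS = {"InvalidPassword", "InvalidAccountID",
                  "ChallengeResponseFailed", "FailedACL"}
KV_RE = re.compile(r'(\w+)="([^"]*)"')
PJSIP_RE = re.compile(r"failed for '(.+):(\d+)' \(callid: [^)]*\) - (.+)$")


def is_actionable(ip):
    """True if ip parses and is neither loopback nor unspecified."""
    try:
        addr = ipaddress.ip_address(ip.strip("[]"))
    except (ValueError, AttributeError):
        return False
    return not (addr.is_loopback or addr.is_unspecified)


def classify(line):
    """Return (source, event, remote_ip, bannable) for one log line."""
    if 'SecurityEvent="' in line:
        fields = dict(KV_RE.findall(line))
        event = fields.get("SecurityEvent")
        # RemoteAddress has the form FAMILY/TRANSPORT/ADDRESS/PORT.
        parts = fields.get("RemoteAddress", "").split("/")
        ip = parts[2] if len(parts) == 4 else None
        return ("security", event, ip,
                event in FAILURE_EVENTS and is_actionable(ip))
    m = PJSIP_RE.search(line)
    if m:
        return ("pjsip", m.group(3), m.group(1), is_actionable(m.group(1)))
    return ("other", None, None, False)


if __name__ == "__main__":
    for sample in (WEB_LOGIN_LINE, SIP_FAIL_LINE):
        print(classify(sample))
```

The entry quoted for the web login classifies as a `SuccessfulAuth` event from `127.0.0.1`, so it gives a blocker neither a failure marker nor the client's address, while the SIP line yields both.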