-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 2.10
-
Fix Version/s: None
-
Component/s: ARI User Portal
-
Labels:None
fw_ari module 2.10.0rc1.2 published 3 days ago exposed a bug that allows the ARI admin credentials to be discovered with no authentication. Other more sensitive credentials were not exposed. Similar credentials can also be viewed with authenticated users in FreePBX admin for the similar root cause.