  1. FreePBX
  2. FREEPBX-5582

Security issue: ARI admin credentials can be derived from unauthenticated user

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 2.10
    • Fix Version/s: None
    • Component/s: ARI User Portal
    • Labels:
      None

      Description

      fw_ari module 2.10.0rc1.2, published 3 days ago, exposed a bug that allows the ARI admin credentials to be discovered with no authentication. Other more sensitive credentials were not exposed. Similar credentials can also be viewed by authenticated users in FreePBX admin due to a similar root cause.

              People

              • Assignee:
                Unassigned
                Reporter:
                plindheimer PL
