https://bugs.koozali.org/show_bug.cgi?id=12463

            Bug ID: 12463
           Summary: ARI default username/password
    Classification: Contribs
           Product: SME Contribs
           Version: 10.0
          Hardware: ---
                OS: ---
            Status: CONFIRMED
          Severity: normal
          Priority: P3
         Component: smeserver-freepbx
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
                CC: [email protected]
  Target Milestone: ---

See
https://community.freepbx.org/t/recent-reports-of-ari-exploit-on-freepbx-systems/88403

We have for years set our own generated password, but we keep using the
freepbxuser as ARI user, hence the alert in the last month you can see in your
dashboard.


The temp fix is to change the username:
fwconsole  -q setting FPBX_ARI_USER randomuser


We should generate a new username:
smeserver-freepbx-14/root/etc/e-smith/db/configuration/migrate/freepbx

-my $aripass =  $freepbx->prop('AriPassword') ||
        $freepbx->set_prop('AriPassword', `/usr/bin/openssl rand -base64 10 |
/usr/bin/tr -c -d '[:alnum:]'`)
+my $aripass =  $freepbx->prop('AriPassword') ||
        $freepbx->set_prop('AriPassword', `/usr/bin/openssl rand -base64 25 |
/usr/bin/tr -c -d '[:alnum:]'`)
+my $ariuser =  $freepbx->prop('AriUser') ||
        $freepbx->set_prop('AriUser', `/usr/bin/openssl rand -base64 12 |
/usr/bin/tr -c -d '[:alnum:]'`)
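
Review bot: in the `+my $aripass` line the `$freepbx->prop('AriPassword') ||` short-circuit means the longer `rand -base64 25` value is only generated when no AriPassword is stored, so systems that already hold a password from the old `rand -base64 10` call keep it unchanged. If existing installs should get the stronger password, the migrate fragment needs an explicit rotation condition, for example rotating once when AriUser is not yet set. Note also that `tr -c -d '[:alnum:]'` drops every `+` and `/` from the base64 output, so the length of the new AriUser value varies, and that the statements as quoted end without a `;`, so check that the added `$ariuser` statement is terminated in the real fragment.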



Then update this file:
smeserver-freepbx-14/root/etc/e-smith/events/actions/freepbx-amportal.conf
-$fwconsole setting ARI_ADMIN_PASSWORD $(/sbin/e-smith/db configuration getprop
freepbx AriPassword) 2>/dev/null 1>&2
+$fwconsole -q setting ARI_ADMIN_PASSWORD $(/sbin/e-smith/db configuration
getprop freepbx AriPassword)
+$fwconsole -q setting ARI_USER $(/sbin/e-smith/db configuration getprop
freepbx AriUser)
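
Review bot: the added `ARI_USER` line uses a different setting name from the temporary fix earlier in this report, which sets `FPBX_ARI_USER`; confirm which keyword fwconsole accepts and use the same one in both places. The removed line discarded all output with `2>/dev/null 1>&2`, while the added lines rely on `-q` alone, so any error text from fwconsole is no longer suppressed; confirm that is intended. Quoting the `$(...)` substitutions would also keep an empty AriUser or AriPassword prop from silently producing a command with a missing argument.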


$FPBX_SETTING_PATH ARI_ADMIN_PASSWORD $(/sbin/e-smith/db configuration getprop
freepbx AriPassword)
$FPBX_SETTING_PATH ARI_USER $(/sbin/e-smith/db configuration getprop freepbx
AriUser)
