Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
References
Link | Resource |
---|---|
https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-insecure-permissions | Third Party Advisory |
https://www.freepbx.org | Product |
https://www.sangoma.com/products/open-source/ | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-26T00:00:00
Updated: 2023-04-26T00:00:00
Reserved: 2023-02-26T00:00:00
Link: CVE-2023-26567
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-26T20:15:09.860
Modified: 2023-05-05T15:10:19.097
Link: CVE-2023-26567
JSON object: View
Redhat Information
No data.
CWE