Ward Mundy, of Nerd Vittles / PBX in a Flash fame, warns of a FreePBX Security Vulnerability allowing a system to be compromised simply by displaying a CDR report in the FreePBX browser.
There is a very serious security vulnerability that needs to be patched by loading the very latest version of FreePBX Framework as soon as it becomes available for your version of FreePBX. Just displaying a CDR report in the FreePBX browser could compromise your system.
The 2.5 and 2.6 patches already have been released and probably 2.7 as well. Load this patch IMMEDIATELY!!!
Setup > Module Admin > Check for Updates on Line > Upgrade All
2.5.2.3: #4223 Security Vulnerability
2.6.0.2: #3805, #3707, #4188, #4223 Security Vulnerability
For more information, check out the PBX in a Flash Forum.

Hi,
I discovered the same problem when using FreePBX! I use Ozeki VoIP SIP SDK, which supports FreePBX: http://voip-sip-sdk.com/p_35-ozeki-voip-sip-sdk-with-freepbx-voip.html
I have contacted their support team, and they were very helpful in solving this problem for me. I do need your opinion on this system, however. I have been trying out various systems, and the one above seems to be working just fine. This has a great advantage in being very flexible. What do you think about this?
Benjamin