Ticket #3552 (closed Feature Requests: fixed)

Opened 4 years ago

Last modified 3 years ago

Change ARI admin password from GUI

Reported by: jroper Assigned to: sasargen
Priority: major Milestone: Undetermined
Component: ARI Version:
Keywords: Cc:
Confirmation: Unreviewed Distro:
Backend Engine: All Distro Ver:
Backend Ver: SVN Revision (if applicable):

Description

The ARI admin password is hardcoded into webroot/recordings/includes/main.conf.php and is set as ari_password.

This password allows the admin login to view all calls made and received and to download recordings.

This is a little known feature, albeit a potentially useful one, however, I would doubt that this password ever gets changed in the majority of systems, and thus presents something of a security risk in terms of data being stolen.

It would have more chance of being changed if it were exposed in the FreePBX interface under the General settings page.

Joe

Change History

06/15/09 04:37:07 changed by Oleh

This ticket is related with the ticket #3708 http://www.freepbx.org/trac/ticket/3708

06/15/09 09:10:20 changed by p_lindheimer

  • owner changed from p_lindheimer to sasargen.
  • component changed from - choose - to ARI.

08/15/09 21:19:36 changed by p_lindheimer

  • version deleted.
  • milestone changed from 2.6 to 2.7.

04/08/10 16:50:50 changed by mickecarlsson

(In [9466]) Re #3552 and re #3708, prep to move admin password from ari to amportal

04/08/10 16:54:29 changed by mickecarlsson

(In [9467]) Re #3552 and re #3708, modification of ari to move default admin password to amportal.conf

04/08/10 16:58:04 changed by mickecarlsson

(In [9468]) Re #3552 and re #3708, modification of framework to add check for default ari password and warning about it

04/08/10 17:08:51 changed by mickecarlsson

  • status changed from new to closed.
  • resolution set to fixed.