Ticket #3660 (closed Bugs: fixed)

Opened 1 year ago

Last modified 1 year ago

CSS and CSRF Security Vulnerabilities and User Account Enumeration

Reported by: p_lindheimer
Assigned to:
Priority: minor
Milestone: 2.6
Component: FreePBX Framework
Version: 2.5-branch
Keywords:
Cc:
Confirmation: Confirmed
SVN Revision (if applicable):
Backend Engine: All
Backend Engine Version:

Description

Various CSS and CSRF vulnerabilities are present within FreePBX, including the User Portal (ARI) and the Reports application within FreePBX. These vulnerabilities would only affect an already authenticated login to FreePBX and, given the nature of the vulnerabilities, they are very low risk, although they are real and will be addressed immediately.

There is also a User Account Enumeration issue in the ARI.

These issues exist in most releases of FreePBX; fixes will be provided for 2.4, 2.5 and trunk (soon to be 2.6).

The vulnerabilities were reported with discretion by Secunia Research and will be published shortly on their site as Secunia Advisory SA34772:

http://secunia.com/advisories/34772/

Change History

05/06/09 19:24:19 changed by p_lindheimer

  • status changed from new to closed.
  • resolution set to fixed.

These have been resolved and published out to the online module repository; the published modules are referenced below:

2.4: r7659
2.5: r7650, r7651
2.6/trunk: r7660, r7661

05/08/09 08:02:29 changed by p_lindheimer

(In [7699]) create more friendly error page with option to proceed with suspect link re #3660

05/08/09 08:05:32 changed by p_lindheimer

(In [7700]) Merged revisions 7699 via svnmerge from http://svn.freepbx.org/freepbx/trunk

........

r7699 | p_lindheimer | 2009-05-08 08:02:29 -0700 (Fri, 08 May 2009) | 1 line

create more friendly error page with option to proceed with suspect link re #3660

........

05/08/09 08:14:42 changed by p_lindheimer

(In [7701]) Merged revisions 7700 via svnmerge from http://svn.freepbx.org/freepbx/branches/2.5

r7699 | p_lindheimer | 2009-05-08 08:02:29 -0700 (Fri, 08 May 2009) | 1 line

create more friendly error page with option to proceed with suspect link re #3660

................

05/08/09 10:28:16 changed by p_lindheimer

(In [7705]) fixes error when using explicit ports other than 80 or using a fqdn to access pbx re #3660
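As an added example, not FreePBX code and not the change made in r7705 (the ticket does not describe what the fix touched): a Referer-based CSRF check of the kind the "suspect link" error page above implies, showing the host/port comparison mistake that rejects legitimate requests when the PBX is reached on a non-default port or by a different spelling of its hostname, beside a version that compares scheme, host and effective port against the request's Host header. It assumes the application can see the request scheme and Host header; all hostnames and URLs are constructed for illustration.

```python
"""Constructed example of a Referer-based CSRF check.

Not FreePBX code. The ticket does not say why r7705 was needed, so
naive_referer_ok() illustrates the class of mistake (comparing a raw
Referer netloc to a fixed server name), not the project's actual code.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def split_host_port(netloc, scheme):
    """Return (lowercase host, effective port) for 'host', 'host:8080'
    or '[::1]:8443'. urlsplit handles IPv6 brackets and the port for us;
    .port raises ValueError on a malformed port, which callers catch."""
    parts = urlsplit("//" + netloc)
    if parts.hostname is None:
        raise ValueError(f"no host in {netloc!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return parts.hostname.lower(), port


def naive_referer_ok(referer, server_name):
    """Broken check: compares the raw Referer netloc to a configured
    server name. A client that used an explicit port ('pbx:8080') or a
    different spelling of the same host ('pbx.example.com' vs 'pbx')
    produces a netloc that never equals server_name, so legitimate
    same-site requests are rejected."""
    return urlsplit(referer).netloc == server_name


def referer_ok(referer, scheme, host_header, allowed_hosts=None):
    """Hardened check. The Referer must use the same scheme and name the
    same host and effective port as the request's Host header (default
    ports filled in per scheme, hosts compared case-insensitively).

    If allowed_hosts is given, the Host header itself must be one of
    them, so a forged Host header cannot vouch for a forged Referer.
    Returns 'ok', 'missing' (no Referer sent) or 'suspect'."""
    if not referer:
        return "missing"
    try:
        req_host, req_port = split_host_port(host_header, scheme)
        ref = urlsplit(referer)
        if ref.scheme not in DEFAULT_PORTS or ref.hostname is None:
            return "suspect"
        ref_host, ref_port = split_host_port(ref.netloc, ref.scheme)
    except ValueError:
        return "suspect"
    if allowed_hosts is not None:
        if req_host not in {h.lower() for h in allowed_hosts}:
            return "suspect"
    if ref.scheme != scheme or (ref_host, ref_port) != (req_host, req_port):
        return "suspect"
    return "ok"


if __name__ == "__main__":
    # Constructed requests: same-site, reached on port 8080 and via an FQDN.
    print(naive_referer_ok("http://pbx:8080/admin/config.php", "pbx"))      # False
    print(naive_referer_ok("http://pbx.example.com/admin/", "pbx"))         # False
    print(referer_ok("http://pbx:8080/admin/config.php", "http", "pbx:8080"))
    print(referer_ok("http://pbx.example.com/admin/", "http", "pbx.example.com"))
    print(referer_ok("http://attacker.example/csrf.html", "http", "pbx"))
```

A Referer check of this kind is only a partial defence: browsers and proxies may strip the header, which is why the example distinguishes "missing" from "suspect" so the caller can decide how to handle it (the friendlier error page in r7699 is one such policy), and a per-session anti-CSRF token in each form remains the stronger control.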

05/08/09 10:29:49 changed by p_lindheimer

(In [7706]) Merged revisions 7705 via svnmerge from http://svn.freepbx.org/freepbx/trunk

........

r7705 | p_lindheimer | 2009-05-08 10:28:15 -0700 (Fri, 08 May 2009) | 1 line

fixes error when using explicit ports other than 80 or using a fqdn to access pbx re #3660

........

05/08/09 10:31:39 changed by p_lindheimer

(In [7707]) Merged revisions 7706 via svnmerge from http://svn.freepbx.org/freepbx/branches/2.5

................

r7705 | p_lindheimer | 2009-05-08 10:28:15 -0700 (Fri, 08 May 2009) | 1 line

fixes error when using explicit ports other than 80 or using a fqdn to access pbx re #3660

................