id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	confirmation	distro	engine	distro_ver	engine_version	svn_rev
5585	Security issue ARI admin credentials can be derived from unauthenticated user	p_lindheimer		fw_ari module 2.10.0rc1.2 published 3 days ago exposed a bug that allows the ARI admin credentials to be discovered with no authentication. Other more sensitive credentials were not exposed. Similar credentials can also be viewed with authenticated users in FreePBX admin for the similar root cause.	Bugs	closed	major	2.10	ARI	2.10-branch	fixed			Confirmed		All