FreePBX 'gen_amp_conf.php' Credentials Information Disclosure Vulnerability
BID:52048
Info
FreePBX 'gen_amp_conf.php' Credentials Information Disclosure Vulnerability
| Bugtraq ID: | 52048 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 16 2012 12:00AM |
| Updated: | Feb 16 2012 12:00AM |
| Credit: | Doug W |
| Vulnerable: |
freePBX freePBX 2.8.0 freePBX freePBX 2.6 |
| Not Vulnerable: | |
Discussion
FreePBX 'gen_amp_conf.php' Credentials Information Disclosure Vulnerability
FreePBX is prone to an information-disclosure vulnerability that may expose administrator's credentials.
Successful exploits will allow unauthenticated attackers to obtain sensitive information that may aid in further attacks.
FreePBX is prone to an information-disclosure vulnerability that may expose administrator's credentials.
Successful exploits will allow unauthenticated attackers to obtain sensitive information that may aid in further attacks.
Exploit / POC
FreePBX 'gen_amp_conf.php' Credentials Information Disclosure Vulnerability
Attackers can exploit this issue through a browser.
Attackers can exploit this issue through a browser.
Solution / Fix
FreePBX 'gen_amp_conf.php' Credentials Information Disclosure Vulnerability
Solution:
Report indicates that this issue has been fixed. Please contact the vendor for more information.
Solution:
Report indicates that this issue has been fixed. Please contact the vendor for more information.
References
FreePBX 'gen_amp_conf.php' Credentials Information Disclosure Vulnerability
References:
References:
- freePBX Homepage (Coalescent Systems Inc.)
- SECURITY gen_amp_conf.php (FreePBX)