bsntech at November 26th, 2011 16:50 — #1
So there is a bit of a security concern I see with FreePBX and the call forwarding option - and there may be other options.
When I dial the number to do call forwarding, it asks for a phone extension. This then allows me to put in ANY phone extension. Then it will ask for the location to forward to.
In essence, I could dial the feature code to do call forwarding, enter someone else's extension - and set it up to call forward wherever I'd want.
Definite security issue here - is there a way that this can be resolved/fixed without removing the call forwarding feature?
bsntech at November 28th, 2011 17:41 — #2
Nobody knows how to circumvent this security issue? Certainly there must be a way - without fully disabling the call forwarding capability - to limit the call forwarding to the line you are calling in from.
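The restriction asked for above (only the line you are calling in from may have its forwarding changed) can be expressed in plain Asterisk dialplan. This is an added illustration, not FreePBX's own dialplan and not the patch from the ticket; it assumes feature code *90, that forward targets are stored in the AstDB family `CF`, and that each phone's `callerid` is set server-side so `${CALLERID(num)}` is the real extension. The first context shows the weak behaviour described in the thread, the second the corrected one.

```ini
; Added example (not FreePBX's code). Assumes *90 as the feature code,
; AstDB family CF as the forward-target store, and server-set caller IDs.

[app-cf-on-weak]
; Weak: the caller types ANY extension, so one user can redirect another.
exten => *90,1,Answer()
 same => n,Read(TARGET_EXT,enter-ext-of-person,,,,5)   ; extension from keypad
 same => n,Read(FWD_DEST,ent-target-attendant,,,,10)  ; forward destination
 same => n,Set(DB(CF/${TARGET_EXT})=${FWD_DEST})
 same => n,Hangup()

[app-cf-on-fixed]
; Fixed: the extension is taken from the calling channel, never from the keypad.
exten => *90,1,Answer()
 same => n,Set(OWN_EXT=${CALLERID(num)})
 same => n,GotoIf($[${LEN(${OWN_EXT})} = 0]?deny)      ; no trusted identity: refuse
 same => n,Read(FWD_DEST,ent-target-attendant,,,,10)
 same => n,Set(DB(CF/${OWN_EXT})=${FWD_DEST})
 same => n,Playback(call-fwd-unconditional&activated)
 same => n,Hangup()
 same => n(deny),Playback(sorry-cant-let-you-do-that2)
 same => n,Hangup()
```

The fix only holds if the PBX, not the handset, sets the caller ID (for example, no `trustrpid` on internal peers); otherwise a device that supplies its own number could still impersonate another extension.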
enetics at February 15th, 2012 18:26 — #3
This is an amazing oversight in security. We're bumping this thread in hopes someone has a solution.
enetics at February 20th, 2012 18:22 — #4
We added a simple patch that comments out the portion of code that allows one to select an extension. You can find it in the Trac here:
Whether it's accepted or not, I'd love an explanation either way.
bsntech at February 20th, 2012 18:30 — #5
Glad that someone has discovered that this is as large a security flaw as I thought as well.
How can the patch be applied? I can see the .diff file when going to the ticket, but is it simply copy/pasted into a file - and how can the changes be made to the proper file?
bsntech at February 20th, 2012 18:38 — #6
Just added the PHP commenting lines in the appropriate place - all seems good.
bsntech at February 20th, 2012 18:44 — #7
So I put the patch in as indicated.
I then did a *90 from my phone and it still asks for the extension - then the pound key. I did restart the asterisk process before trying - so not sure if anyone else tested this.
I also did a restart on the PBX server as well - and it still asks for extension and pound key.
system at June 4th, 2014 15:24 — #8
This topic is now closed. New replies are no longer allowed.