Thank you for the explanation, Dave. I believe that I have three users: admin (in /etc/asterisk/manager.conf), cxpanel and firewall (from the GUI). Although I have one FreePBX server, I feel that the passwords for cxpanel and firewall users are the same across all freepbx servers (they seem to have specific pattern)
- My question is, if I change the passwords in the GUI or the
/etc/asterisk/manager.confto make them stronger do I need to make changes anywhere else? my plan is to avoid situation similar to this one Fortigate exploit .
(For example for the extensions, if the secret is changed in the GUI then I need to change it in the endpoint / the phone)