FreePBX UCP page can send unlimited Reset password email that can leads to DOS

Hi FreePBX team,

We have noticed that the UCP page can send unlimited reset password that can possibly leads to DOS.

Is it possible to limit this into twice and there is countdown time before the user can send again or if none, is there a way to totally disable the “Forgot Password” button?

Thank you for your help :slight_smile:

I am not aware of any built-in way to toggle this. There is Sangoma responsive firewall which can block IPs after it sees a series of failures, but an ever-changing IP will negate that.

You could approach this in two ways:

  1. Assume this is a bug and submit a bug report and see what Sangoma says.
  2. Assume this is feature request and submit a feature request.

Hi comtech,

Thank you.

May I ask where to submit a bug report?

They have not introduced a replacement bug tracker so just tagging on here @kgupta @lgaetz


@kgupta @lgaetz any updates or thoughts about this?

No thoughts other than to confirm that it’s currently a pending feature request.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.