Security: Credentials disclosure via <withheld>

This is not the same as

The ISO used to install - - the latest as of 2/15/2012.

The details will be posted here on 2/22/2012

well not giving us any details on what the issue is does no good. You are running all over talking about security but not offering any details, solutions or how to re-create it. Feel free to send me a PM on the issue and I can look at it but these types of threads are useless and scare people without giving us any information.

I would be happy to use the official channel for reporting security issues to FPBX if there was one.
Does [email protected] work ?

BTW: I thinkI posted enough details for you to recreate the problem.
Check the other thread in the dev forum.

I see nothing in that thread. Please contact me direct as I oversee the Distro part of FreePBX. You can also email [email protected] if you want and I and Philippe both get that email

Ok so what was referring to is in this bug report.

The ARI Admin Username and Password was exposed in the /recordings directory without being logged into the ARI. This was not exposed anywhere else and was not disclosing the Admin Username and Password as was stated in other forumns but the ARI admin username and password. This was introduced 3 days ago by a mistake and has been corrected in the latest ARI Framework module.

Please note this only effect 2.10 Beta customers and only people who updated the ARI module in the past 3 days.


yes [email protected] should work. Did you have issues with it, if so I will check it out.