The Asterisk REST Interface is not able to connect (after changing ARI username and password to mitigate the exploit)

So I read the Recent reports of ARI exploit on FreePBX systems and changed the ARI username and password, but after a restart of the system (yes, I did fwconsole r and fwconsole restart, but also rebooted the whole system), I get an error in FreePBX (under Asterisk Info, section Channels): The Asterisk REST Interface is not able to connect please check configuration in advanced settings.

Any idea how to solve this?

P.S. In file /etc/asterisk/ari_additional.conf I can see my newly generated user (generated with fwconsole setting FPBX_ARI_USER <15-char-rnd-string>).

P.S. 2: When I changed FPBX_ARI_USER and FPBX_ARI_PASSWORD, everything started working again… so it seems there is some configuration change missing somewhere.

I had the same issue and then realized I missed the “alphanumeric” requirement in the name and password.

I replaced all special characters with alphanumeric characters and set the new username and password. Everything worked like normal after the restart - no more “…Asterisk REST Interface is not able to connect…” error.

Wow, that was actually the case. I had some special characters, like . - _ in password (!) (not the username), and it broke everything. Now it is working.


No special chars allowed?
Good ol' Sangoma, still forcing less than stellar security practices yet again.

Well, yes, it is pretty f* up. :slight_smile:

Please be more specific for this, as in FreePBX. The ARI password in Asterisk doesn’t have silly limitations like this. So Asterisk allows for it but again the method being used is FreePBX’s method.

See, you can generate ARI passwords with special characters and it works just fine.

hvs01-west*CLI> ari mkpasswd Gfju%([email protected]+
; Copy the following two lines into ari.conf
password_format = crypt
password = $6$J05vwerfD/q0d2w3$klTL2zuDC8YNGUyD1qeDztviYws2wpCU8/..0MSX5FOjiTMKBpaZ.iooZNjBYjL3E9RQSjvHfGXrUMY9pahZZ1
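
Added example, not part of the thread and not FreePBX or Sangoma code: since the posts above report that FreePBX only accepts alphanumeric ARI credentials, the smaller character set can be offset with length. This sketch generates alphanumeric-only values and rejects anything else before it reaches `fwconsole setting`; the function names are illustrative, and using the `fwconsole setting <KEY> <value>` form for FPBX_ARI_PASSWORD is an assumption based on the form the thread shows for FPBX_ARI_USER.

```shell
#!/bin/sh
# Added example: alphanumeric-only ARI credentials for FreePBX.
# Function names are illustrative, not part of FreePBX or Asterisk.
LC_ALL=C; export LC_ALL   # make [A-Za-z0-9] mean ASCII only

# is_alnum STRING: succeed only for a non-empty, purely alphanumeric string.
is_alnum() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# min_len_for_bits BITS: characters needed from a 62-symbol alphabet.
# log2(62) is about 5.954 bits per character; integer maths, rounded up.
min_len_for_bits() {
    echo $(( ($1 * 1000 + 5953) / 5954 ))
}

# gen_alnum LENGTH: print LENGTH random characters from the kernel CSPRNG.
# tr -dc discards unwanted bytes, so the kept characters stay uniform.
gen_alnum() {
    want=$1
    raw=$(head -c 4096 /dev/urandom | tr -dc 'A-Za-z0-9')
    [ "${#raw}" -ge "$want" ] || return 1
    printf '%s\n' "$raw" | cut -c "1-$want"
}

# Print (do not run) the commands, in the form the thread shows for
# FPBX_ARI_USER; using the same form for FPBX_ARI_PASSWORD is an assumption.
if [ "${1:-}" = "--print" ]; then
    len=$(min_len_for_bits 128)          # 22 characters
    user=$(gen_alnum 15) && pass=$(gen_alnum "$len") || exit 1
    is_alnum "$user" && is_alnum "$pass" || exit 1
    echo "fwconsole setting FPBX_ARI_USER $user"
    echo "fwconsole setting FPBX_ARI_PASSWORD $pass"
    echo "fwconsole restart"
fi
```

Run with `--print` to see the commands; a 22-character alphanumeric password carries roughly 128 bits of randomness, so the restriction costs length rather than strength.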
