Any and all non-support discussions
Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N
by Acidshock » Wed Aug 10, 2022 2:26 am
Thought I would post this because I just ran into this with a gig I got called in to fix and I see this behavior all the time. Even if you have your SIP locked down... having an easily compromised agent password can lead to you an outrageous bill. Attackers are now injecting into vdc_db_query.php commands and then having the server place hundreds of calls that way regardless if the person is connected to their conference. Anyhow I just wanted to bring this to people attention because I cant count how many times I have see agents like 100 with a password of 100 because people dont think they can compromise the system without seeing it take place.
VERSION: 2.14-698a | BUILD: 190207-2301 | Asterisk:13.24.1-vici | Vicibox 8.1.2
-
Acidshock
-
- Posts: 430
- Joined: Wed Mar 03, 2010 3:19 pm
by mflorell » Wed Aug 10, 2022 6:15 am
Agreed, we see this frequently with clients as well. We usually suggest enabling the "User Password Minimum Length" System Setting because a long password is the most important factor in password security.
-
mflorell
- Site Admin
-
- Posts: 18383
- Joined: Wed Jun 07, 2006 2:45 pm
- Location: Florida
-
Return to General Discussion
Who is online
Users browsing this forum: No registered users and 49 guests