Saving “admins” From Themselves


Hi,

We recently had a customer that set up Asterisk with port 5038 open to the world with standard configs for the AMI (by that I mean they copied and pasted configs that they saw online). Digging around a bit, it seems the attacker used the AMI action “pjsip show auths” followed by “pjsip show auth ” which got them the credentials to their account. I know we can’t protect n00bs in every scenario (username 100 password 100), but I wonder if by default certain items such as passwords should not be available in plain text. If the consensus is that hiding such info is good, I would want to contribute to a patch to hide plain text passwords by default across Asterisk.

Your thoughts?

One thought on - Saving “admins” From Themselves

  • Hi Dovid,

    There is no default manager.conf in the ‘make basic-pbx’ config build. There is, however, the sample manager.conf.sample, which would get installed with the ‘make samples’ config and which has a giant security warning at the top of the file. By default manager has enabled=no, and has a commented/disabled example config for the ‘mark’ user. There is no default ‘open to the world’ configuration for mainline Asterisk. I would agree, however, that the default bindaddr should not be 0.0.0.0 in manager.conf.sample. I’ll put in for a fix for that.

    With that being said, the Asterisk project has no control over what other distributions might do in terms of packaging and the default configurations they install. For example, Debian, Red Hat, FreePBX, etc. might by default open up Asterisk to the world with something wildly insecure like a 0.0.0.0 bind and a login of admin/admin. So if that was the case, then those package managers should be made aware of that issue on a case-by-case basis. Offhand, I don’t know which distributions install a default open manager.conf.
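
The settings discussed in this thread (enabled, bindaddr, per-user secrets) can be checked mechanically before a manager.conf goes live. The following audit script is an added example, not part of the original posts or of the Asterisk project; the sample config is constructed, and the 12-character threshold and the treatment of an unset bindaddr are assumptions.

```python
import re

# Constructed sample of a copy-pasted manager.conf (not taken from the page).
SAMPLE = """
[general]
enabled = yes
bindaddr = 0.0.0.0
[admin]
secret = admin
write = all
[monitor]
secret = k7#Vq2!xPz9rLm4T
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.255
write = call
"""

def parse(text):
    """Parse Asterisk-style config text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        m = re.match(r"\[([^\]]+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections

def audit(text, min_len=12):
    """Return findings for risky AMI settings; min_len is an arbitrary threshold."""
    cfg, findings = parse(text), []
    general = cfg.pop("general", {})
    if general.get("enabled", "no").lower() not in ("yes", "true", "on", "1"):
        return findings                              # AMI off: nothing exposed
    # Assumption: an unset bindaddr is treated like an all-interfaces bind.
    if general.get("bindaddr", "0.0.0.0") in ("0.0.0.0", "::"):
        findings.append("general: AMI listens on all interfaces")
    for user, opts in cfg.items():
        secret = opts.get("secret", "")
        if len(secret) < min_len or secret == user:
            findings.append(f"{user}: weak secret")
        if "permit" not in opts and "acl" not in opts:
            findings.append(f"{user}: no permit/acl source restriction")
        if {"all", "command"} & set(re.split(r"[,\s]+", opts.get("write", ""))):
            findings.append(f"{user}: can run CLI commands over AMI")
    return findings
```

Calling `audit(SAMPLE)` reports the all-interfaces bind plus three findings for the `admin` user and none for `monitor`; the parser does not handle escaped `\;` inside values.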