Sjur Usken

Views on new technologies and business opportunities from Sjur Usken

Vulnerability in FreePBX 2.5 and 2.6


The Exploit Database reports that FreePBX version 2.5 and 2.6 is vulnerable to Cross-Site Scripting (XSS).

An affected user may unintentionally execute scripts or actions written by
an attacker. In addition, an attacker may obtain authorization cookies
that would allow him to gain unauthorized access to the application.

This is just the beginning of vulnerabilities in different VoIP applications. Up until now, there has not been the need of vulnerabilities to exploit VoIP services. Too many IP PBXes has been configured insecure, and easy to abuse.

The next wave will see more exploits beeing used towards IP PBXes. They are often based on same protocols and applications as any other server….

[ad]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: