{"id":1577,"date":"2023-03-25T13:40:34","date_gmt":"2023-03-25T12:40:34","guid":{"rendered":"https:\/\/alessandromasciadri.com\/?p=1577"},"modified":"2023-03-25T14:02:02","modified_gmt":"2023-03-25T13:02:02","slug":"come-risolvere-il-security-warning-change-ari-username-password-su-freepbx","status":"publish","type":"post","link":"https:\/\/alessandromasciadri.com\/come-risolvere-il-security-warning-change-ari-username-password-su-freepbx\/","title":{"rendered":"How to resolve the Change ARI Username\/Password security warning on FreePBX"},"content":{"rendered":"\t\t<div data-akihiro-type=\"ama-post\" data-akihiro-id=\"1577\" class=\"akihiro akihiro-1577\" data-akihiro-post-type=\"post\">\n\t\t\t\t<div class=\"akihiro-element akihiro-element-330ff8a e-flex e-con-boxed e-con e-parent\" data-id=\"330ff8a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"akihiro-element akihiro-element-146b22b akihiro-widget akihiro-widget-heading\" data-id=\"146b22b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t<h3 class=\"akihiro-heading-title akihiro-size-default\">How to change the ARI username and password<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-f5bdb9f akihiro-widget akihiro-widget-text-editor\" data-id=\"f5bdb9f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>A security warning has recently appeared on FreePBX instances. 
It refers to a documented issue that exposes a security flaw caused by ARI credentials that are not unique across FreePBX instances.<\/p><p>Logging into the FreePBX dashboard shows this security warning<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-e92349d akihiro-widget akihiro-widget-image\" data-id=\"e92349d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"550\" height=\"737\" src=\"https:\/\/alessandromasciadri.com\/ama-uploads\/2023\/03\/freepbx-ari-exploit-01.png\" class=\"attachment-large size-large ama-image-1586\" alt=\"\" srcset=\"https:\/\/alessandromasciadri.com\/ama-uploads\/2023\/03\/freepbx-ari-exploit-01.png 550w, https:\/\/alessandromasciadri.com\/ama-uploads\/2023\/03\/freepbx-ari-exploit-01-224x300.png 224w\" sizes=\"(max-width: 550px) 100vw, 550px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-08c1e6e akihiro-widget akihiro-widget-text-editor\" data-id=\"08c1e6e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>For further details we can refer to this thread: <a href=\"https:\/\/community.freepbx.org\/t\/recent-reports-of-ari-exploit-on-freepbx-systems\/88403\">https:\/\/community.freepbx.org\/t\/recent-reports-of-ari-exploit-on-freepbx-systems\/88403<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-2ad80f5 akihiro-widget akihiro-widget-text-editor\" data-id=\"2ad80f5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Follow these simple steps to patch the security issue. The FreePBX team is in any case working on a patch that will be released soon.<\/p><p>Run the following command to change the username to a random one (we use a generator to produce a random 15-character string)<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-560442f akihiro-widget akihiro-widget-code-highlight\" data-id=\"560442f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>fwconsole setting FPBX_ARI_USER rIdEnTiOneOvERy<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-785d2ad akihiro-widget akihiro-widget-text-editor\" data-id=\"785d2ad\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This produces the following output<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-e355d77 akihiro-widget akihiro-widget-code-highlight\" data-id=\"e355d77\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>Changing \"FPBX_ARI_USER\" from [freepbxuser] to 
[neyMpOrmoRSegen]<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-ac46d0d akihiro-widget akihiro-widget-text-editor\" data-id=\"ac46d0d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Run the following command to change the password to a random 30-character string<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-fd7c901 akihiro-widget akihiro-widget-code-highlight\" data-id=\"fd7c901\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>fwconsole setting FPBX_ARI_PASSWORD rAbloGUencoBStOPoraTeNtUrEgurM<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-f4b7a59 akihiro-widget akihiro-widget-text-editor\" data-id=\"f4b7a59\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This produces the following output<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-b6e786d akihiro-widget akihiro-widget-code-highlight\" data-id=\"b6e786d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" 
class=\"language-bash\">\n\t\t\t\t\t<xmp>Changing \"FPBX_ARI_PASSWORD\" from [lAviSTeRTHagETyMidaMidEdIONEGa] to [nuMbACKAnoNAckSHAretiNsTORknOb]<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-09b5fb7 akihiro-widget akihiro-widget-text-editor\" data-id=\"09b5fb7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Then proceed with the restart<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-57c3756 akihiro-widget akihiro-widget-code-highlight\" data-id=\"57c3756\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>fwconsole r\nfwconsole restart<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-3d229c8 akihiro-widget akihiro-widget-heading\" data-id=\"3d229c8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t<h3 class=\"akihiro-heading-title akihiro-size-default\">Fixing the error during reload<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-d3c74cc akihiro-widget akihiro-widget-text-editor\" data-id=\"d3c74cc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If the following error appears during the reload<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-df1d1c5 akihiro-widget akihiro-widget-code-highlight\" data-id=\"df1d1c5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language- \">\n\t\t\t\t<code readonly=\"true\" class=\"language-\">\n\t\t\t\t\t<xmp>Reload Started\n\nIn Cron.class.php line 281:\n\n  proc_open(\/tmp\/cron.error): failed to open stream: Permission denied\n\n\nreload [--json] [--dry-run] [--skip-registry-checks] [--dont-reload-asterisk]<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-e0ba12f akihiro-widget akihiro-widget-text-editor\" data-id=\"e0ba12f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Proceed with the following commands<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-6320570 akihiro-widget akihiro-widget-code-highlight\" data-id=\"6320570\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>rm -f \/tmp\/cron.error\nfwconsole chown<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-aa5c73f akihiro-widget akihiro-widget-text-editor\" data-id=\"aa5c73f\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This produces the following output<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-aa01339 akihiro-widget akihiro-widget-code-highlight\" data-id=\"aa01339\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language- \">\n\t\t\t\t<code readonly=\"true\" class=\"language-\">\n\t\t\t\t\t<xmp>Taking too long? Customize the chown command, See http:\/\/wiki.freepbx.org\/display\/FOP\/FreePBX+Chown+Conf\nSetting Permissions...\nSetting base permissions...Done in 4 seconds\nSetting specific permissions...\n 85256 [============================]\nFinished setting permissions<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-8d1d8ab akihiro-widget akihiro-widget-text-editor\" data-id=\"8d1d8ab\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The error described here can also be caught through the FreePBX dashboard, where it appears like this<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-fc15a6f akihiro-widget akihiro-widget-image\" data-id=\"fc15a6f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"550\" height=\"736\" src=\"https:\/\/alessandromasciadri.com\/ama-uploads\/2023\/03\/freepbx-ari-exploit-02.png\" class=\"attachment-large size-large ama-image-1587\" alt=\"\" 
srcset=\"https:\/\/alessandromasciadri.com\/ama-uploads\/2023\/03\/freepbx-ari-exploit-02.png 550w, https:\/\/alessandromasciadri.com\/ama-uploads\/2023\/03\/freepbx-ari-exploit-02-224x300.png 224w\" sizes=\"(max-width: 550px) 100vw, 550px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>How to change the ARI username and password A security warning has recently appeared on FreePBX instances. It refers to a documented issue that exposes a security flaw caused by ARI credentials that are not unique across FreePBX instances. Logging into the FreePBX dashboard shows this security warning For further [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[37,39,38],"class_list":["post-1577","post","type-post","status-publish","format-standard","hentry","category-sistemistica","tag-asterisk","tag-freepbx","tag-voip"],"_links":{"self":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts\/1577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/comments?post=1577"}],"version-history":[{"count":10,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts\/1577\/revisions"}],"predecessor-version":[{"id":1590,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts\/1577\/revisions\/1590"}],"wp:attachment":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/med
ia?parent=1577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/categories?post=1577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/tags?post=1577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}