PSA: Make sure you use unique and complex agent passwords!

Any and all non-support discussions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

PSA: Make sure you use unique and complex agent passwords!

Postby Acidshock » Wed Aug 10, 2022 2:26 am

Thought I would post this because I just ran into this with a gig I got called in to fix and I see this behavior all the time. Even if you have your SIP locked down... having an easily compromised agent password can lead to you an outrageous bill. Attackers are now injecting into vdc_db_query.php commands and then having the server place hundreds of calls that way regardless if the person is connected to their conference. Anyhow I just wanted to bring this to people attention because I cant count how many times I have see agents like 100 with a password of 100 because people dont think they can compromise the system without seeing it take place.
VERSION: 2.14-698a | BUILD: 190207-2301 | Asterisk:13.24.1-vici | Vicibox 8.1.2
Acidshock
 
Posts: 428
Joined: Wed Mar 03, 2010 3:19 pm

Re: PSA: Make sure you use unique and complex agent password

Postby mflorell » Wed Aug 10, 2022 6:15 am

Agreed, we see this frequently with clients as well. We usually suggest enabling the "User Password Minimum Length" System Setting because a long password is the most important factor in password security.
mflorell
Site Admin
 
Posts: 18335
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida


Return to General Discussion

Who is online

Users browsing this forum: Bing [Bot] and 37 guests