Total vulnerabilities in the database
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
| Software | From | Fixed in |
|---|---|---|
| freepbx / freepbx | 2.5.0rc2 | 2.5.0rc2.x |
| freepbx / freepbx | 2.4.0_beta1 | 2.4.0_beta1.x |
| freepbx / freepbx | 2.5.2 | 2.5.2.x |
| freepbx / freepbx | 2.5.0_beta1 | 2.5.0_beta1.x |
| freepbx / freepbx | 2.4.1 | 2.4.1.x |
| freepbx / freepbx | 2.4.0_beta2 | 2.4.0_beta2.x |
| freepbx / freepbx | 2.5.0rc3 | 2.5.0rc3.x |
| freepbx / freepbx | 2.5 | 2.5.x |
| freepbx / freepbx | 2.5.1 | 2.5.1.x |
| freepbx / freepbx | 2.4 | 2.4.x |
| sangoma / freepbx | 2.4.0 | 2.4.0.x |
| sangoma / freepbx | 2.5.0 | 2.5.0.x |