Asterisk Recording Interface (ARI) in Asterisk@Home prior to 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote malicious users to obtain password information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
asteriskathome asteriskathome |