Help: Default Asterisk Manager Password

Asterisk Asterisk Support
1

hi Guys,

We do have a FreePBX server version 2.11 with Asterisk version 11. just noticed that ther’s a notification in the FreePBX System Status saying “Default Asterisk Manager Password Used”. If you could please share your views about my concerns
Quite new to Asterisk and FreePBX, kindly enlighten me about this.

i tried to login to the web GUI of my FreePBX server using the default Asterisk Manager username and password listed in the Settings> Advanced Settings, but could not login.
Please enlighten me on this, as i want to really understand the risk and how to secure it.

  1. what are the bad things that can possibly happen to my PBX server if the default Asterisk Manager Password was kept unchanged? Would like to fully understand the bad things that can happen, and to secure our PBX system.

  2. What or which part of the FreePBX system are being controlled by the Asterisk Manager username and password?

  3. how can attackers login and make use of the Asterisk Manager credentials to messed up the system and or make free calls?

  4. what are the implications of NOT changing the Default Asterisk Manager Password in FreePBX?
    Will the FreePBX server be vulnerable to hacking attacks if the Default Asterisk Manager Password was not changed?

Thank you very much in advance…

2

Hello.

In a bare Asterisk system (not any GUI distribution) the default port por Asterisk Manager Interface is 5038.

The risk level depends on what actions are allowed to the user, the password of who is widely known.

As for 11, the AMI is disabled by default and there are no any default passwords, only examples which are commented out.

Check the manager.conf file. I hope FreePBX gets the configuration from it.

Check please wiki.asterisk.org/wiki/display/ … TCP+IP+API