Security Threat Discovered; Suggested Solution Described

Apr 14, 2011 | IP PBX (Private Branch Exchange) Product News, VoIP PBX News and Blog

Affected Products

All Xorcom IP-PBX models (XR1nnn, XR2nnn, XR3nnn, XE2nnn, XE3nnn) running Elastix 1.x


Protect Your Elastix Server from Infiltrators

It recently came to our attention that it is possible to login to the Elastix server unembedded FreePBX Web interface (http://address/admin) with user name ‘asteriskuser’ and password ‘eLaStIx.asteriskuser.2oo7’. The user name and password are the same user name and password used by FreePBX to access the ‘asterisk’ MySQL database. They are defined in the parameters AMPDBUSER and AMPDBPASS in the /etc/amportal.conf file.

Note: The option to log in with AMPDBUSER and AMPDBPASS is a standard feature of FreePBX. While the original Elastix FreePBX package contains a patch to close this ‘back door’, the FreePBX modules update operation overwrites the patch and the back door is re-opened.

The problem is that most Elastix users do not change the default password, and some immoral people have discovered this security breach and can use it to make calls at someone else’s expense. The procedure of changing password is a little bit complicated. It is not sufficient to define a new password in the /etc/amportal.conf file, the MySQL settings must also be changed.


In response to this security threat Xorcom has developed a simple script that allows Elastix users to change the password easily. In order to install the script, do the following:

cd /tmp


rpm -Uvh xr-addons-1.00-0.noarch.rpm

ampasswd new_your_password


IP PBX: recent news & updates: