Jump to content

Empty passwords


Vodia PBX
 Share

Recommended Posts

Running a PBX on a public IP address with no password is pretty very dangerous. I would like to share a little shell script with you that oes through the XML files and pulls out those accounts which are affected:

 

#!/bin/bash
# Show the passwords of all users:

function get_xml()
{
 gawk -v tag=$1 'BEGIN{regex="<" tag ">([^<]*)</" tag ">";}{ match($0, regex, m); for(i = 1;; i++) { if(!(i in m)) break; printf("%s\n",m[i]);}}' $2
}

for user in users/*.xml
do
 name=${user:6} # only the name
 idx=${name%.xml} # only the number
 type=$(get_xml type $user)
 if [ "$type" == extensions ]; then
id=$(get_xml id $user)
primary=$(get_xml alias $user)
password=$(get_xml password extensions/$id.xml)
if [ -z "$password" ]; then
	domain=$(get_xml domain $user)
	username=$(get_xml name user_alias/$primary.xml)
	domainname=$(get_xml name domains/$domain.xml)
	echo $username@$domainname
fi
 fi
done

 

Please check if there are accounts that need passwords to be set. Unfortunately "marketing" required that we made it very easy for the user to change their password, so the JavaScript that checks the password quality was turned off by default. I strongly recommend to turn it on again, even it users are complaining that their password "1234" cannot be accepted any more.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...