• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

Search results

  1. pj3cx

    Content Security Policy (CSP) issue or bypass

    Hello @stmusr , In fact there is no 'unsafe-inline' and 'unsafe-eval' in the script-src directive - I checked the CSP headers on both v18 U9 and v20 Final and there is no such entry, which version of the 3cx phone system are you scanning? The only 'unsafe-inline' entry can be found under the...
  2. pj3cx

    Content Security Policy (CSP) issue or bypass

    Hello, Thanks for the report, Although it looks like you got this from the Google CSP Evaluator which report these as "possible medium severity finding" when evaluating our default CSP header. These highly depends of the web application and need to be put in context. In case of the 3cx...
  3. pj3cx

    Security Advisory: Disable your CRM Database Integrations

    Continue reading the Original Blog Post.
  4. pj3cx

    Solved CVE-2023-2650

    Hello, In the upcoming v18 Update 9 for Windows these DLL files no longer exist and our binaries ship an updated OpenSSL version already so this is addressed. However, the postgreSQL folder also includes a similar version that is "vulnerable". Note that in our context the risk associated is...
  5. pj3cx

    Recent pentest showing 'Insecure SSL/TLS Configuration' on 3CX - SHA

    Hello @rcanpolat, Thanks for reporting this, in fact that's something we are aware and are planning to address in a future version with the introduction of TLS 1.3 so old ciphers can then be dropped, for now those have been kept for interoperability purposes with legacy devices. That being...
  6. pj3cx

    Fax Server on 3CX DEBIAN UpToDate

    Hello @SK Sales Paris, About the second point I believe you are referring to a ticket which related to an old 3cx version, I can't recall the particular case but there is no such limitation anymore, the fax feature is the same in Linux/Windows.
  7. pj3cx

    New Desktop App Build Number 18.12.425 Released

    Hello dsapp, I'll PM you to gather more info on this, we haven't seen this anywhere else.
  8. pj3cx

    Post Malware Version Removal, Mac clients reported by Router

    Hello Robin, I'll PM you so we can look further into this.
  9. pj3cx

    login username case sensitive

    Hello Ruzzel, Thanks for reporting this, at the moment there is no way to turn it off but we will look into allowing this in a future version.
  10. pj3cx

    Remove IP From Global Blacklist

    Hello, OK I'll PM you about this to sort it out.
  11. pj3cx

    Security Update Tuesday 11 April 2023 - Interim Assessment Concluded

    Hi @jarodt, If the YARA rule did not find an issue then nothing to do, this folder is expected to have files with long GUIDs that are related to registry operations and should not be deleted blindly. You may run a full AV scan as well just to confirm that there are no remnants of any malware on...
  12. pj3cx

    SSH Renegotiation DoS Vulnerability

    Ensure having the option to Auto-Update your 3cx system ticked so that dependencies and security updates are kept up-to date automatically. OpenSSH is a package taken from official Debian repositories, its latest version for buster distribution is 7.9p1-10+deb10u2. You can see the current status...
  13. pj3cx

    SSH Renegotiation DoS Vulnerability

    Hi Kwang, Since you opened a support ticket on this same topic let's continue over there so we gather more info and advise accordingly.
  14. pj3cx

    New 3cx v18 installation blocked bij windows.

    Hello @Mark_McClain, Indeed sorry for the inconvenience, that's something we are aware of and that will be resolved automatically with our upcoming update v18 Update 7A as our new releases are signed with a new certificate already. You can safely use the said workaround with command prompt until...
  15. pj3cx

    Security Update Tuesday 11 April 2023 - Interim Assessment Concluded

    @Charli That would be a question for the Thor authors but we reached them out on that and they indicated the following: - an infected file in C:\Windows\System32\config\TxR\ is found No, not yet. Because THOR cannot evaluate the machine GUID at runtime and then include that evaluated ID in a...
  16. pj3cx

    New 3cx v18 installation blocked bij windows.

    Hello, make sure to run the command prompt as Administrator, then use the cd command to go to the folder where the installer is, e.g "cd C:\Users\yourusername\Downloads" then run 3CXPhoneSystem18.exe from there.
  17. pj3cx

    Security Update Tuesday 11 April 2023 - Interim Assessment Concluded

    @Fred Jelk | PC-Profi GmbH in this folder you will find legitimate files from the OS you shouldn't delete them blindly. Thor authors confirmed that their ruleset includes detection rules for these signatures so if you will use it just run the first command to upgrade and then run scan. Any other...
  18. pj3cx

    Security Update Tuesday 11 April 2023 - Interim Assessment Concluded

    Continue reading the Original Blog Post.
  19. pj3cx

    New Desktop App Build Number 18.12.425 Released

    just quick update we are monitoring any antivirus alerts, - about K7 which detected something in the Desktop App for Windows 18.12.425 it's been reported as false positive yesterday morning 9am UK time, then cleared this morning at 4:20am and they confirmed having whitelisted the windows MSI. -...
  20. pj3cx

    How to Reset Passwords and Secure Admin Console

    Continue reading the Original Blog Post.
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.