Multiple logins for administrative purposes

Discussion in '3CX Phone System - General' started by coelhopsi, Nov 3, 2012.

Thread Status:
Not open for further replies.
  1. coelhopsi

    Joined:
    May 7, 2008
    Messages:
    84
    Likes Received:
    0
    Hello,

    One of the feature requests for 3CX was the ability to have multiple logins for administrative purposes (http://3cx.ideascale.com/a/dtd/Multiple-login-s-for-administrating-perpeses/80841-9854). It was announced on this same feature request page that "In the next 3CX Phone System Version 11 we are going to have the ability for multiple extensions to be able to log in to the 3CX management console using extension number and PIN".

    When 3CX v11 BETA was released, it was also announced that 3CX now had this feature implemented (http://www.3cx.com/blog/releases/3cx-phone-system-version-11-beta-available/): "•Multiple access by allowed extensions to connect to the 3CX Management Console and 3CX Wallboard".

    The point of having this feature implemented is to avoid password sharing, a highly unrecommended practice. However, what's the point in having this ability in 3CX v11, if any user with access to the management console can go into Settings / Advanced / Custom Parameters / WEBSERVERPASS and see the master password? This can be considered a security exposure...

    Regards,
    Fábio Pinto Coelho
     
  2. coelhopsi

    Joined:
    May 7, 2008
    Messages:
    84
    Likes Received:
    0
    Are there any plans to have this security exposure fixed? Any work in progress?
     
  3. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    3,321
    Likes Received:
    253
    Your best bet is to find someone with a support account and submit this as a bug.

    Hopefully they will see this.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.