UCM6510 admin permanently locked out

physical-security

#1

I have a UCM 6510 that when I try to login to it, it gives me an error that my user is permanently locked out. Can’t, obviously, get in to work on some things I need. Is there a way to over ride this. I really think someone is trying to hack into the PBX but I can’t even see that.

Thanks


#2

#3

Hi ccutshaw66

depending on software version it is very likely your system has been hacked.

there was a SQL hack recently and i saw 100% of my system accessed Grandstream did release a note about this and have requested all system be upgraded to protect them against hacking.

another good idea is to white list local LAN and only allow your ip access if external via the http access whitelist.

also good firewall rules.

if it has been hacked you can try a password recovery this will send an email with the password to the registered email.

we found that the hacker had changed that email however we had access to the SMTP mail server so i was able to look at the senT mail for the UCM and then get the password and reset it.

we had a the system doing automatic upgrades to SD so i had access to a current backup with the hacked password however Grandstream was no able to recover the password from the backup. While i’m sure they could i can understand the security issue involved if they told you how to.

failing that factory reset and hopefully reload a backup.

Good Luck
Andrew