Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-12058

Potential unexpected use of transfer functionality

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Core
    • Labels:
      None
    • Asterisk Version:
      13.7.2
    • Distro Version:
      10.13.66-11
    • Distro:
      FreePBX Distro

      Description

      I big security issue has been found this moment.
      I tried it with our PBX and couldnt believe it.
      "Call any Extension from Cell Phone -> Pickup the call -> Now press *2 on the cell phone and dial the number of your choice.
      Get a free call on the costs of the pbx owner.

      The Same works with ## Transfer initiated from my Cell Phone!

      This could cost FreePBX owners thousands of Dollars if they dont prevent this.

      http://community.freepbx.org/t/hacker-makes-international-calls-through-my-freepbx-ivr/34334/9

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  tm1000 Andrew Nagy
                  Reporter:
                  mitterhuemer Matthias Binder
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  7 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    NextupJiraPlusStatus

                    Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.