We've Moved! Please visit our new and improved forum over at our new portal: https://portal.plumvoice.com/hc/en-us/community/topics

director.vxml exposes other Plum users' info

Questions and answers about Plum iOn systems

Moderators: admin, support

Post Reply
kmanley
Posts: 6
Joined: Thu Mar 16, 2006 3:47 pm
Location: London, UK

director.vxml exposes other Plum users' info

Post by kmanley »

- go to 'call activity'

- go to 'recent calls'

- go to 'last log'

- you see in the log:
Attempting to fetch http://popproxy-uk.plumgroup.com/director/director.vxml
Click here to view saved VoiceXML script

- click the link to view the contents of director.vxml

- the array created between the <script></script> tags reveals sensitive info about other Plum customers including their access numbers, what apps they are pointing to, names of scratchpad files, etc.

- even more troubling, once the names of other users' files are known anyone can look at them in a browser.

Will you fix this?

support
Posts: 3632
Joined: Mon Jun 02, 2003 3:47 pm
Location: Boston, MA
Contact:

Plum IVR solutions for greater privacy with account info

Post by support »

The director.vxml file does not expose anything that is private to your account like your password or PIN codes. If you are concerned about other users accessing the URLs associated with your DNISes, please configure your web server to only allow access from the Plum IVR subnets: 212.118.226.192/26 and 69.25.74.64/26.

If you would like to completely mask your configuration from other users in the shared IVR hosting environment, I would recommend contact one of our sales people to discuss the possibility of hosting a dedicated IVR server and circuit for your IVR application. The cost would, of course, be higher, but you would not have to share resources with our other customers.

Post Reply