
director.vxml exposes other Plum users' info

Posted: Tue Apr 04, 2006 7:49 am
by kmanley
- go to 'call activity'

- go to 'recent calls'

- go to 'last log'

- you see in the log:
Attempting to fetch http://popproxy-uk.plumgroup.com/director/director.vxml
Click here to view saved VoiceXML script

- click the link to view the contents of director.vxml

- the array created between the <script></script> tags reveals sensitive info about other Plum customers including their access numbers, what apps they are pointing to, names of scratchpad files, etc.

- even more troubling, once the names of other users' files are known anyone can look at them in a browser.

Will you fix this?

Plum IVR solutions for greater privacy with account info

Posted: Tue Apr 04, 2006 9:25 am
by support
The director.vxml file does not expose anything that is private to your account like your password or PIN codes. If you are concerned about other users accessing the URLs associated with your DNISes, please configure your web server to only allow access from the Plum IVR subnets: 212.118.226.192/26 and 69.25.74.64/26.

If you would like to completely mask your configuration from other users in the shared IVR hosting environment, I would recommend contacting one of our sales people to discuss the possibility of hosting a dedicated IVR server and circuit for your IVR application. The cost would, of course, be higher, but you would not have to share resources with our other customers.
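
An added example, not part of the original thread and not Plum's code: a log audit that flags successful fetches of IVR files from addresses outside the two subnets quoted in the support reply, useful for checking whether a web-server allowlist is actually in effect. It assumes Common Log Format access logs and a `.vxml` suffix; the function names, paths and log lines are constructed for illustration.

```python
import ipaddress
import re

# Subnets quoted in the support reply above.
PLUM_IVR_SUBNETS = [
    ipaddress.ip_network("212.118.226.192/26"),
    ipaddress.ip_network("69.25.74.64/26"),
]

# Common Log Format: client ident user [time] "METHOD path proto" status ...
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def is_plum_ivr(ip_text):
    """True if the address falls inside one of the Plum IVR subnets."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # not an IP literal (e.g. a logged hostname): treat as outside
    return any(ip in net for net in PLUM_IVR_SUBNETS)


def outside_fetches(log_lines, suffixes=(".vxml",)):
    """Return (client, path, status) for 2xx fetches of IVR files from outside the subnets."""
    hits = []
    for line in log_lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        client, _method, path, status = m.groups()
        # Ignore the query string when matching the file suffix.
        if not path.split("?", 1)[0].lower().endswith(suffixes):
            continue
        if status.startswith("2") and not is_plum_ivr(client):
            hits.append((client, path, int(status)))
    return hits


# Constructed sample log; paths are hypothetical. 69.25.74.128 is the first
# address past the end of 69.25.74.64/26, so it must be reported as outside.
SAMPLE_LOG = [
    '212.118.226.200 - - [04/Apr/2006:09:30:01 +0000] "GET /ivr/main.vxml HTTP/1.0" 200 812',
    '203.0.113.45 - - [04/Apr/2006:09:31:17 +0000] "GET /ivr/main.vxml HTTP/1.1" 200 812',
    '69.25.74.128 - - [04/Apr/2006:09:32:40 +0000] "GET /ivr/scratch.vxml?x=1 HTTP/1.1" 200 300',
    '198.51.100.7 - - [04/Apr/2006:09:33:02 +0000] "GET /ivr/main.vxml HTTP/1.1" 403 199',
    '198.51.100.7 - - [04/Apr/2006:09:33:05 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, path, status in outside_fetches(SAMPLE_LOG):
        print(f"{client} fetched {path} ({status}) from outside the Plum IVR subnets")
```

If the web server sits behind a reverse proxy, the client field in the log is the proxy's address, so the audit has to run on the log that records the real peer address.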