director.vxml exposes other Plum users' info
Posted: Tue Apr 04, 2006 7:49 am
- go to 'call activity'
- go to 'recent calls'
- go to 'last log'
- you see in the log:
Attempting to fetch http://popproxy-uk.plumgroup.com/director/director.vxml
Click here to view saved VoiceXML script
- click the link to view the contents of director.vxml
- the array created between the <script></script> tags reveals sensitive info about other Plum customers including their access numbers, what apps they are pointing to, names of scratchpad files, etc.
- even more troubling, once the names of other users' files are known anyone can look at them in a browser.
Will you fix this?