Security Advisory: Vulnerability in Brekeke Products Could Allow Unauthorized Use of Phone Lines
Published: March 11, 2009
The vulnerability affects users who configure their Brekeke server software to allow access without REGISTER and INVITE authentication settings.
On publicly accessible servers where Brekeke products were installed without authentication settings, malicious guests could potentially use phone lines with public analog line (PSTN) connections to place unauthorized outgoing calls.
[Affected Products]
OnDO SIP Server
OnDO PBX
Brekeke SIP Server (v2.2.7.6 or earlier)
Brekeke PBX (v2.2.7.6 or earlier)
[Solutions]
Apply the settings described at the link below to your Brekeke products:
http://wiki.brekeke.com/wiki/Security
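Added example (not part of the original advisory and not Brekeke code): a check an administrator can run over a SIP capture from their own server to confirm that REGISTER and INVITE requests sent without credentials are challenged with 401/407 rather than accepted. The capture, host names, Call-IDs and function names are constructed for illustration.

```python
import re
# Constructed sample capture (not from the advisory): SIP messages separated by blank lines.
CAPTURE = """\
REGISTER sip:pbx.example.test SIP/2.0
Call-ID: a1
CSeq: 1 REGISTER

SIP/2.0 401 Unauthorized
Call-ID: a1
CSeq: 1 REGISTER
WWW-Authenticate: Digest realm="example", nonce="constructed"

INVITE sip:0015550100@pbx.example.test SIP/2.0
Call-ID: b2
CSeq: 1 INVITE

SIP/2.0 100 Trying
Call-ID: b2
CSeq: 1 INVITE

SIP/2.0 200 OK
Call-ID: b2
CSeq: 1 INVITE
"""

CRED_HEADERS = ("authorization", "proxy-authorization")

def parse(msg):
    """Split one SIP message into (start line, lower-cased header dict)."""
    lines = msg.strip().splitlines()
    headers = {n.strip().lower(): v.strip() for n, _, v in (ln.partition(":") for ln in lines[1:])}
    return lines[0], headers

def unauthenticated_accepts(capture):
    """Return (method, call_id) for each REGISTER/INVITE sent without credentials
    that the server answered with a 2xx instead of a 401/407 challenge."""
    pending, findings = {}, []
    for msg in re.split(r"\n\s*\n", capture.strip()):
        start, h = parse(msg)
        key = (h.get("call-id"), h.get("cseq"))
        m = re.match(r"SIP/2\.0 (\d{3})", start)
        if m is None:  # a request line, not a status line
            method = start.split()[0]
            if method in ("REGISTER", "INVITE") and not any(c in h for c in CRED_HEADERS):
                pending[key] = method
        elif key in pending and m.group(1).startswith("2"):
            findings.append((pending.pop(key), key[0]))
    return findings
```

An empty result means every credential-less REGISTER and INVITE in the capture was challenged or rejected; any entry identifies a transaction the server accepted without authentication.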
[Recommendation]
For users of OnDO SIP Server and OnDO PBX, we strongly recommend upgrading to the latest Brekeke SIP Server or Brekeke PBX. Our current product line offers higher security protection and reliability. We offer upgrade discounts for commercial license holders. To request an upgrade, please send an inquiry using the link below:
http://www.brekeke.com/buy/buy_upgrade.php