Nabeel
2016-Aug-01 08:08 UTC
[asterisk-users] Removing mailbox and password prompt for voicemail
> > But did you understand every line and what it was doing? >They are quite self-explanatory, so of-course I understand them.> Too much information missing. Perhaps instead of asking how to > implement the solution that you have already decided on you should > instead tell us what problem you are trying to solve. Are you really > trying to make your voicemail available to anyone who calls you or are > you limiting it to just the registered phone? How are you accessing VMI am using ODBC realtime storage with Asterisk. Currently, with no password set, a user can dial the voicemail number to retrieve their own voicemail, without needing to enter a password (without hearing the password prompt). However, there is still a 'mailbox' prompt played, and if a different mailbox number is entered after this prompt, then a password can be entered (if set) which intrudes into the other person's mailbox. I want to remove this 'mailbox' prompt so that users won't have this opportunity to access another person's mailbox. That's exactly what I mean. That's why you need to password protect> it.I am yet to test this behaviour in Asterisk during the Unavailable/Busy message. However, if this is the case, then this seems to be an illogical security hole in Asterisk's design. Why does Asterisk allow accessing another person's mailbox by pressing the '*' key, while listening to *the other person's* unavailable message? Nabeel -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20160801/e037172e/attachment.html>
Steve Howes
2016-Aug-01 09:08 UTC
[asterisk-users] Removing mailbox and password prompt for voicemail
On 01/08/16 09:08, Nabeel wrote:> I am yet to test this behaviour in Asterisk during the > Unavailable/Busy message. However, if this is the case, then this > seems to be an illogical security hole in Asterisk's design. Why does > Asterisk allow accessing another person's mailbox by pressing the '*' > key, while listening to /the other person's/ unavailable message? >So you can access your own voicemail remotely. Steve -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20160801/87424572/attachment.html>
D'Arcy J.M. Cain
2016-Aug-01 15:20 UTC
[asterisk-users] Removing mailbox and password prompt for voicemail
On Mon, 1 Aug 2016 09:08:36 +0100 Nabeel <nabeelshikder at gmail.com> wrote:> I am using ODBC realtime storage with Asterisk. Currently, with no > password set, a user can dial the voicemail number to retrieve theirFrom their own phone or from any phone?> I am yet to test this behaviour in Asterisk during the > Unavailable/Busy message. However, if this is the case, then this > seems to be an illogical security hole in Asterisk's design. Why does > Asterisk allow accessing another person's mailbox by pressing the '*' > key, while listening to *the other person's* unavailable message?It's not for accessing another person's mailbox. It's for accessing your own when you are away from home/office. -- D'Arcy J.M. Cain System Administrator, Vex.Net http://www.Vex.Net/ IM:darcy at Vex.Net VoIP: sip:darcy at Vex.Net
Nabeel
2016-Aug-01 17:10 UTC
[asterisk-users] Removing mailbox and password prompt for voicemail
> > From their own phone or from any phone? >>From their own phone. If calling from any other phone, the only difference- for entering the same mailbox - is to enter the mailbox number immediately after the 'mailbox' prompt,> It's not for accessing another person's mailbox. It's for accessing > your own when you are away from home/office.For my setup, the user only needs to access their mailbox from their registered device, not from any other phone. This is why I am trying to remove the 'mailbox' prompt altogether, because it is more efficient for users to skip that step if possible. Nabeel -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20160801/e2155d70/attachment.html>