Exploit of Express Messenger to call St Lucia / UK 2

Status
Not open for further replies.

rossiv

Technical User
Mar 7, 2009
77
US
I've been dealing with this all day and figured I'd share with you guys.

Someone was able to get into Express Messenger on our 200 ICP over the weekend. At some point Friday, they got into the admin menu using the technician's password (not changed from default) from the auto attendant and changed the 0 digit to redirect to a number in the UK. The issue was reported to us and we changed it. We weren't sure how they got in at that point, so we didn't change anything. Come last night around 10pm our call accounting printer was going crazy posting charges for calls to St Lucia from the Express Messenger VM. Same people (we assume) went back in and changed the 0 digit to dial St Lucia. In total, about 10 hours of calls went through (multiple simultaneously, lasting between 10-20 minutes) before we were able to shut the PBX down for long enough for them to give up.

Our phone dealer called Mitel today and apparently we aren't the only ones who've had this problem. We're #7 to report it in the last few days. Mitel told us that it was the technician's password that they got in with. It has been changed, along with any other passwords that were left at default.

Lesson learned here - don't leave passwords at default. That, and you can get into Express Messenger VM admin from outside. As for the bill, I don't know yet. I'll know within 48 hours.
 
Always always always restrict your VM ports from LD.

Period, end of story.

If the customer insists, get a waiver of responsibility.

Change all default passcodes as a precaution and to prevent the nuisance, but if you do the above it does not matter:

  • Technician
  • Admin
  • Manager
  • Mailbox Zero - DON'T forget this one

Did I mention restricting your VM ports?

**********************************************
What's most important is that you realise ... There is no spoon.
 
Restricting VM ports sounds like a good idea. Suggestions on how to do that? SX-200_ICP_5.0.2.12 MX

All above passwords have since been changed. Mailbox password was already changed before.

Note that they will need to be able to call toll-free as one of our options transfers to an off-site reservation office.
 
You will hopefully have separate routes for Local, Toll-free, LD and overseas (Form 23).

Each route (Form 23) should be assigned a different Restricted COR Group (referencing Form 20).

Each port of the Voicemail should be assigned a COR level that is different from other devices. I use COR 25 (Form 9).

Assign the VM port COR (25?) into the Restricted COR Groups (Form 25) where you want the call to be restricted.



**********************************************
What's most important is that you realise ... There is no spoon.
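
Added example, not part of the thread or any poster's own code: a detection pass over call-accounting records that flags LD and overseas calls originating from voicemail ports while leaving toll-free transfers alone, and reports how many ran at once. The CSV layout, the port names (VM01 to VM04) and all records are constructed assumptions, not Mitel's SMDR format, and a North American dial plan is assumed.

```python
import csv
from datetime import datetime, timedelta
from io import StringIO

# Constructed records in a hypothetical CSV layout (not Mitel's SMDR format):
# start time, duration (s), originating extension, dialed digits
SAMPLE_LOG = """\
2024-01-06 21:40:00,95,2104,5550123
2024-01-06 21:58:12,310,VM02,18005550199
2024-01-06 22:01:10,840,VM01,17585550101
2024-01-06 22:03:45,1130,VM03,17585550101
2024-01-06 22:05:02,660,VM02,011442079460123
2024-01-06 22:30:00,120,2117,12125550147
"""

VM_PORTS = {"VM01", "VM02", "VM03", "VM04"}  # assumed voicemail port names
TOLL_FREE = {"800", "833", "844", "855", "866", "877", "888"}

def classify(digits):
    """Sort a dialed number into the four route classes named in the thread."""
    if digits.startswith("011"):
        return "overseas"
    if len(digits) == 11 and digits.startswith("1"):
        # 1+NPA covers toll destinations such as 1-758 (St Lucia), not only US LD.
        return "tollfree" if digits[1:4] in TOLL_FREE else "ld"
    return "local"

def toll_calls_from_vm(log_text, vm_ports=VM_PORTS):
    """Return (start, end, extension, digits, route) for VM-port toll calls."""
    hits = []
    for start, secs, ext, digits in csv.reader(StringIO(log_text)):
        route = classify(digits)
        if ext in vm_ports and route in ("ld", "overseas"):
            begin = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
            hits.append((begin, begin + timedelta(seconds=int(secs)), ext, digits, route))
    return hits

def peak_concurrency(calls):
    """Largest number of flagged calls in progress at the same moment."""
    events = sorted([(c[0], 1) for c in calls] + [(c[1], -1) for c in calls])
    peak = live = 0
    for _, step in events:
        live += step
        peak = max(peak, live)
    return peak

if __name__ == "__main__":
    hits = toll_calls_from_vm(SAMPLE_LOG)
    print(len(hits), "toll calls from voicemail, peak", peak_concurrency(hits))
```

Once the voicemail ports are restricted from LD and overseas routes, any hit from this check means the restriction is missing or has been changed.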
 