Published: March 11, 2009
The vulnerability affects users who configure their Brekeke server software to allow access without REGISTER and INVITE authentication settings.
In publicly accessible servers where Brekeke products were installed without authentication settings, malicious guests could potentially use phone lines with public analog line (PSTN) connections to execute unauthorized outgoing calls.
OnDO SIP Server
Brekeke SIP Server (v18.104.22.168 or earlier)
Brekeke PBX (v22.214.171.124 or earlier)
Add following settings described at the below link at Brekeke products:
For the users who use OnDO SIP Server and OnDO PBX, we strongly recommend upgrading to the latest Brekeke SIP Server or Brekeke PBX. Our current product line offers higher security protection and reliability. We offer upgrade discounts for commercial license holders. To request an upgrade, please send an inquiry from the link below: