the function “Call Forward” allows anyone to route any number to any phones. This requires that every Extension is absolutely trustworthy.
To make some examples which illustrate this issue:
A employee redirects the Extension of his Boss to his phone and tricks the Caller into giving him confidential information.
A wife suspects her husband of cheating. So she redirects his calls to her phone.
It would be extremely useful, if there were more options to tweak this behaviour. Possibly an authentication. But in the current state, all that is left is to disable it to prevent abuse.
Did I make a mistake in my tests, or can you reproduce this with your phones? What are your thoughts about this?