Hi,
One of our customers has suffered a major security breach.
This has been tested on the latest 2.6 and 2.5. I’m not posting how to do this here, but all please, please change your /etc/asterisk/vm_general.inc to:
operator=no
I’m raising a ticket via trac for this.
there has been a fix for this issue in SVN for a few weeks now but not all versions of FreePBX had core modules pushed out to get the fix through the online repository.
I’ve just pushed out the modules for all versions that this had been fixed for if the module had not already been out.
It is fixed on versions 2.3 and up and had already been out for 2.7 and the current 2.8 beta as well.