Hi

I have noticed that when querying the RESTful /my/pagedphonebook or
/my/phonebook service that both seem to return the IM password of other
users on the system.

E.g. when logged on to my test system with a username of 093019076 I got the
following XML for 093019077 (a different user) for the /my/phonebook query:

<entry>
    <number>093019077</number>
    <contact-information>
      <homeAddress/>
      <officeAddress>
        <street>167 Victoria Street West</street>
        <city>Auckland</city>
        <country>New Zealand</country>
        <state>Auckland</state>
        <zip>1001</zip>
      </officeAddress>
      <branchAddress>
        <street>167 Victoria Street West</street>
        <city>Auckland</city>
        <country>New Zealand</country>
        <state>Auckland</state>
        <zip>1001</zip>
      </branchAddress>
      <imId>093019077</imId>
      <imPassword>xxxxxxxx</imPassword>
      <avatar>https://secure.gravatar.com/avatar</avatar>
    </contact-information>
  </entry>

I assume this is not supposed to be the intended operation?

Regards
Justin
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev/

Reply via email to