vicidial.org

Thought I would post this because I just ran into this with a gig I got called in to fix and I see this behavior all the time. Even if you have your SIP locked down... having an easily compromised agent password can lead to you an outrageous bill. Attackers are now injecting into vdc_db_query.php commands and then having the server place hundreds of calls that way regardless if the person is connected to their conference. Anyhow I just wanted to bring this to people attention because I cant count how many times I have see agents like 100 with a password of 100 because people dont think they can compromise the system without seeing it take place.

Agreed, we see this frequently with clients as well. We usually suggest enabling the "User Password Minimum Length" System Setting because a long password is the most important factor in password security.