Teamspeak hole..

[VicToMeyeZR]

Anyone have/had problems with people finding a hole in the superadmin. I have someone that was able to create a virtual server for himself by loggin in through the superadmin account..

 

They must have a program the quearies all the default superadmin passwords that TS creates on the install?

[SickPuppy]

Anyone have/had problems with people finding a hole in the superadmin. I have someone that was able to create a virtual server for himself by loggin in through the superadmin account..

 

 

 

Yes this is a well known security issue with T/S. Anyone can take advantage of it.

[VicToMeyeZR]

well nice. Glad to see TS addressed the issue

[studeggle]

You should ALWAYS set your own password or at the least use a third party password generator(without letting others know what it is. ALL computer generated passwords follow a logic procedure in there creation that can be reversed). Default passwords are just that default, there purpose is to provide temporary security while you set things up, you have no one but yourself to blame if you left a default password in place.

Also no password in the world is immune from cracking if the system is ignored, you must always pay attention to your log files for brute force attempts on your password, and block offenders and cycle your password so time spent trying to brute force it is wasted.

I'd suggest you review security 101 if you’re going to run a online company

[VicToMeyeZR]

yeah, well all said and good... I have to address them as I see them. Only so many hours in a day.

[JasonF]

Does the user normally have Superadmin access or was he able to gain it?

[Dan M]

People can view the logfile which contains default SSA password on the main server when created. If you don't change the password people can recall back to the logfile with an exploit and get in through Superadmin.

[{-SMAKU-}_MotorMouth]

Also turn off the web admin panel in the config. That way only a person logged in to the box can gain access. I don't remember where it is I did that on my personal T/S I ran a few years back.

[JasonF]

I don't remember where it is I did that on my personal T/S I ran a few years back.

 

In the TS server's ini file.

[VicToMeyeZR]

Does the user normally have Superadmin access or was he able to gain it?

 

Yeah, he gained it. Not even a customer or user. Created a port 1337 server.. Its all good. I got it taken care of now