Tibur
20-04-2005, 14:14
Can any of the teamspeak creators, explain to my why the dbs file does not encrypt passwords?
and is there some sort of backdoor to these files? It came to my attention that people have just been randomly joining teamspeak servers, so I thought I would take a peak at the DBS and see how different it is from the edit user screen.
It appears that its a SQL lite generated DBS file, the main issue at hand is it does not encrypt passwords at all. This could potentil be a severe problem for members who do join TS, If they jsut so happen to use the same password on perhaps their online game site or email etc.
Will this be addressed in Teamspeak3? or maybe a critical update patch? As a clan leader I host my clans TS server. It became aware to me yesterday that some serious bad things can happen when an admin account was hacked on a game I play. People started asking me if TS could be hacked, and I replied not that I am aware of, and I look here weekly to see if any new information is posted. With most replies simply being dont give your password out for your server etc. Which is all fair and fun, but what if this dbs file is accessible, somehow.
I went ahead and tried to connect to the server computers using IE with a few different ports trying to snage the server.dbs file to no avail. I noticed also that I couldnt pick up any pages other tham index.html .However maybe just maybe there is a way to jump into the Teamspeak_RC2 folder and aquire that file :(.
I hope this can be discussed and see if there may possibly be a security flaw. and we can all work together and find a solution.
------------------------
On a side note are the admin and super admin accounts install passwords generated? or standard? I've noticed the server.dbs file stores these too :eek: , once again completely unencrypted.
Tibur <tibur@martyrsofsin.com>
MoS [Martyrs of Sin] Leader
Attitudes Reflect Leadership
http://forums.martyrsofsin.com
and is there some sort of backdoor to these files? It came to my attention that people have just been randomly joining teamspeak servers, so I thought I would take a peak at the DBS and see how different it is from the edit user screen.
It appears that its a SQL lite generated DBS file, the main issue at hand is it does not encrypt passwords at all. This could potentil be a severe problem for members who do join TS, If they jsut so happen to use the same password on perhaps their online game site or email etc.
Will this be addressed in Teamspeak3? or maybe a critical update patch? As a clan leader I host my clans TS server. It became aware to me yesterday that some serious bad things can happen when an admin account was hacked on a game I play. People started asking me if TS could be hacked, and I replied not that I am aware of, and I look here weekly to see if any new information is posted. With most replies simply being dont give your password out for your server etc. Which is all fair and fun, but what if this dbs file is accessible, somehow.
I went ahead and tried to connect to the server computers using IE with a few different ports trying to snage the server.dbs file to no avail. I noticed also that I couldnt pick up any pages other tham index.html .However maybe just maybe there is a way to jump into the Teamspeak_RC2 folder and aquire that file :(.
I hope this can be discussed and see if there may possibly be a security flaw. and we can all work together and find a solution.
------------------------
On a side note are the admin and super admin accounts install passwords generated? or standard? I've noticed the server.dbs file stores these too :eek: , once again completely unencrypted.
Tibur <tibur@martyrsofsin.com>
MoS [Martyrs of Sin] Leader
Attitudes Reflect Leadership
http://forums.martyrsofsin.com