  1. #1
    Join Date
    December 2012
    Location
    Paris, France
    Posts
    185

    Solved [Urgent] French translation exploit

    Hi!

    The French translation allows all users to see the unique ID of the user, his dbid and more without any perm.

    On my server I have removed all perms for viewing user info.

    I don't understand how a simple translation can grant access to the unique ID, database ID, First connection and Connection count when the original language (English) doesn't display this information.

    Please fix this problem; I don't want users to be able to access the Unique ID, DB ID and other information without a perm being granted. This is not normal and I find it really dangerous.

    French translation : http://addons.teamspeak.com/director...ns/French.html
    Screen shot: perm.png
    Thank you, Toine

  2. #2
    Join Date
    January 2010
    Location
    Catalunya
    Posts
    2,350
    It is no exploit, and the information you see isn't a problem or security leakage.


    This is the new style template information. You can change the template to:
    Settings >> Design >> Theme ...

  3. #3
    Join Date
    December 2012
    Location
    Paris, France
    Posts
    185
    Sorry, but I won't display this information on my server; I don't understand why this information is not affected by user view permissions.

  4. #4
    Join Date
    June 2012
    Location
    here and there..
    Posts
    86
    This is not possible...

    Our unique ID can be seen by all users and you can't change this.

    It is like your IP in networks: you can hide it, but erasing it will never work. In TS3 you can't hide your unique ID.

    You can edit our style so you can't see this information, but everyone who wants to see this ID can see it...

    Sorry, my English is wobbly, but I think you understand me

    Greetz

  5. #5
    Join Date
    June 2011
    Posts
    60
    I have complete confidence that the TeamSpeak team wouldn't have such blatant security holes. Additionally, that unique ID is like 1/6th of your full ID that people need to have your server privileges.

  6. #6
    Join Date
    January 2010
    Location
    Catalunya
    Posts
    2,350
    This is the public unique ID, necessary to do administrative tasks (e.g. bans)
    The complete unique ID is well saved in the file ts3clientui_qt.secrets.conf
    Last edited by Jordi; January 20th, 2013 at 01:24 PM.

  7. #7
    Join Date
    December 2012
    Location
    Paris, France
    Posts
    185
    I just want to manage who can access this information. You tell me the UID is the same as the @IP, but I can hide the @IP from all clients and allow only some users to see it.

    On my server only some users can add ban rules by @IP or UID, but displaying the UID on all clients without any permission is not safe. Any user can list many UIDs from any TS3 server and use them for unauthorized activity.

    Actually the private part of the UID is safe, but what will we do if a flaw is discovered in the process of creating UIDs? If the private part can be predicted from the public part of the UID, the permission system will be useless since everyone can see the UID of all users.

    I know that I am considering the worst case, but I think that, with so many TS3 users around the world, one should guard against this type of problem by avoiding the dissemination of information too sensitive for all to see.

  8. #8
    Join Date
    June 2012
    Location
    here and there..
    Posts
    86
    I have no idea what is happening.
    You cannot hide our UID in all the other clients.
    And the UID in our client is not part of the ID in ts3clientui_qt.secrets.conf; they are completely different characters.

    Btw, with my post I meant the IP on the internet, and it must be set, because bytes are sent TO this address, maybe via proxy servers, but the end is our $*#&!?% IP!

    PS: I repeat, the UID (in our client) is NOT hideable; the UID is for other clients to sort the chat log, or offline messages etc.

    PPS: Why do you want to hide the UID? Before you changed our style you didn't know about any "UIDs" and now you want a "safe internet"; there is only one thing to say: "The Internet is not safe!"

  9. #9
    Join Date
    June 2008
    Posts
    18,513
    No Bug, no exploit and nothing about translation

    Public UID; DBID; last/first connected, connection count > Are always given to any client.
    It has nothing to do with security, and only the style we use by default hides this information, for new users, because it is not needed to talk with others on a server.

    CLOSED