Teamspeak Issues Inc Security Bug

[HH-Steven]

Ok, setup Teamspeak and its running ok but there seems to be a few bugs with it:

1. It uses the same admin and serveradmin passwords for EVERY server setup, obviously this is a major security risk, it means anyone could gain access to someone elses Teamspeak server by simply changing the port number at the end of the url.

2. When using the setup wizard from WHM, what is the point of requesting or entering the amount of slots when it has no effect on the actual slots setup, it is always set at 16.

3. When the user first goes to start & setup the server the TeamSpeak IP:Port Settings are always as below:

TCPQuery Port: 51234
UDPQuery Port: 8768

Both ports in this instance should be 7510 and when both are changed to this via the drop down list BEFORE starting the server it works ok but if they are not changed then it causes issues and users are unable to login to the TS admin successfully.

On a side note to the above, once they are changed to the correct port (7510 in this instance) no other option is available so im assuming its just a default variable set on the form.

This is also the same on the TS admin page (yourip&port/login.html), the serverport is always shown as 8767 whereas in this instance it should be 7510

4. When the server is setup and installed where does it copy the relative files from?, i.e the login.html form etc.... as im thinking that if the default variable on the forms can be removed then this fixes issue number 3 and it would be a pain to have to edit every users /tsfolder/login.html everytime, itd be much easier to edit the original.

I do have more bugs and questions but the above are the most urgent in my eyes, especially number 1.

[darren]

Hey,
I just made these changes for 0.6.7, let me know if I missed something:

• Added option in WHM to not show the SuperAdmin password/link in cPanel
• Changed it so the TS max clients value would be saved in the SQLite database, thereby enforcing the limit
• Changed TS install to generate random passwords for admin/superadmin for each new server installation
• Set default ports in SQLite db as well as config during install to prevent defaults from showing

The default values are from /var/cpanel/cpgsd.pl and also from the files inside the ts.cpgs package. All of the html files you see in cPanel are dynamically created, they are kind of like templates that hold no real specific data.

[SyntaxLAMP]

lol and now with 0.6.8 the passwords aren't set and the server.ini can't be found

[darren]

Can you put in a ticket about it ? It's working on all machines I've got access to. Could be an issue with the memory pragma if your sqlite install is "funny" like I saw on a VPS.