Mumble

Tracker: Bugs

5 Possible Security Leak? - ID: 1873716

Last Update: Comment added ( slicer )

Details:

With a "wrong" welcome message in murmur.ini, the server replies the whole
rest of the config file to the client on connection, eg:

# Welcome message sent to users
welcometext=""Welcome!"

So, if perhaps a database password ist specified later in the configfile,
the client can see this password...

Tested with
murmur-static-1.1.2 on debian
Mumble Client 1.1.2 on win vista

Submitted:

TMiegel ( tmiegel ) - 2008-01-17 14:27

Priority:

Status:

Closed

Resolution:

None

Assigned:

Nobody/Anonymous

Category:

Murmur

Group:

None

Visibility:

Public

Comments ( 2 )

Date: 2008-01-17 21:10 Sender: slicer This is standard multiline string handling. That being said, I agree it's less than optimal in a .ini file. Mumble uses Qt's default .ini file handling through QSettings; I urge you to file a bug report with them.
Date: 2008-01-17 21:08 Sender: slicer This is standard multiline string handling. That being said, I agree it's less than optimal in a .ini file. Mumble uses Qt's default .ini file handling through QSettings; I urge you to file a bug report with them.

Attached File

Changes ( 2 )

Field	Old Value	Date	By
status_id	Open	2008-01-17 21:08	slicer
close_date	-	2008-01-17 21:08	slicer

Mumble

Tracker: Bugs

Comments ( 2 )

Attached File

No Files Currently Attached

Changes ( 2 )

About SourceForge

Find Software

Develop Software

Community

Help