Supervisor
Administrator
- Apr 27, 2015
- 1,863
- 2,546
- 335
Now a little bit of storry first:
We contacted TeamSpeak on 2/March that we did find a new vulnerability in TeamSpeak Server 3.0.12.2. Since they released 3.0.12.3 today, they might think they're secure. Well, as you can see below... they are really not.
We will release the exploit in about one week if TeamSpeak doesnt reply to our Email. (Only reply, not fixing anyting). Seems fair to me.
So here you've got the PoC video for version 3.0.12.3, released today (4/March/2016). The video only shows 3.0.12.3, but it also works for all versions below 3.0.12.3
Credits go to: @Kaptan647 @Derp @ehthe @Asphyxia @Supervisor
/Update: TeamSpeak did reply to us, so we might not release the exploit in one week. We'll see.
/Update2:
We contacted TeamSpeak on 2/March that we did find a new vulnerability in TeamSpeak Server 3.0.12.2. Since they released 3.0.12.3 today, they might think they're secure. Well, as you can see below... they are really not.
We will release the exploit in about one week if TeamSpeak doesnt reply to our Email. (Only reply, not fixing anyting). Seems fair to me.
So here you've got the PoC video for version 3.0.12.3, released today (4/March/2016). The video only shows 3.0.12.3, but it also works for all versions below 3.0.12.3
Credits go to: @Kaptan647 @Derp @ehthe @Asphyxia @Supervisor
/Update: TeamSpeak did reply to us, so we might not release the exploit in one week. We'll see.
/Update2:
The priority of security for TeamSpeak software has been addressed with the utmost importance and has now been recegnized by TeamSpeak and the R4P3 staff. As the R4P3 staff we feel it's in the best interest for the security of teamspeak software to not publicly disclose the informations as of right now.
Last edited: