Security vulnerability: user can become a channel operator by accident

[cyrmax]

trafficstars

Description

This problem occurs because the information about channel operators is stored in the form where only the channel ID is recorded. So if the administrator deletes some channel and creates a new one with the same ID, all users who had some extra rights to the old channel immediately get the same rights in the new one.

Not checked yet, but I think that with other extra rights and per user settings this situation will be the same.

Application

• [ ] qtTeamTalk
• [ ] TeamTalkAndroid
• [ ] iTeamTalk
• [ ] TeamTalkClassic
• [X] TeamTalkServer

Platform

• [X] Windows
• [X] macOS
• [ ] Android
• [ ] iOS
• [X] Linux

Expected behavior

I suggest that when some channel is being deleted while server is running and when server starts / stops and checks the configuration all records that belong to channels that don't exist anymore should be also deleted from the configuration.

Actual behavior

When you delete a channel and create a new one and it gets the same ID as the old one, users who were old channel operators become the new channel operators too.

Steps to reproduce problem

1. Create a permanent channel on your server;
2. Set some user as the channel operator;
3. Open Teamtalk config xml file and write down an ID of the newly created channel;
4. Delete the channel;
5. Create a new permanent channel;
6. Notice that its ID is the same as the deleted one;
7. Ask the user who was the previous channel operator to re-login;
8. Find that now he/she is a new channel operator too.