fivem icon indicating copy to clipboard operation
fivem copied to clipboard
verified publisher icon citizenfx

tweak(mumble/server): security improvements

Open Korioz opened this issue 3 years ago • 2 comments

This PR features a bunch of improvements addressing mumble server abuses (unwanted users connecting from the official mumble client trolling legit users).

  • Admin password can now be provided without being connected this allows us to disconnect no-admin users not responding to some criteria.
  • Disconnect users connecting from the official mumble client without an admin password set.
  • Disconnect admins who are providing a server id in username field, this help prevent unwanted behaviour with natives or future implementations.
  • Disconnect non-admin users who are providing no server id or a server id already used in username field.

Korioz avatar Sep 16 '22 08:09 Korioz

This.. still doesn't prevent much. Intended approach is to have some sort of shared secret-based token exchange support.

Half-assed changes that will instantly be circumvented don't help anyone, sadly.

blattersturm avatar Sep 16 '22 18:09 blattersturm

Closing this as of blatterstrum's reply, issue has been backlogged to address it later.

thorium-cfx avatar Nov 03 '23 13:11 thorium-cfx