Security Concern

Wanted to bring this to someone’s attention as it gave me some trouble here at work.

My security director at work told me to uninstall Teamspeak from my machine because it was making calls to /nice ports,/Trinity.txt.bak which is typically part of a nmap call for testing escape character validation and is a common attack vector. He said that there were other things, but this was most alarming and which case Teamspeak is now flagged as an application that is not allowed to be installed.

The other one he let me know of was that my login credentials for logging into the forum traveled over port 80 and he showed me my password, which was accurate.

So for your first part: I have no such requests in all my network logs. Are you using TeamSpeak 3 or 5 and are you using any plugins by any chance?

For the second part: The forum definitely does not do this! The SSO performs a POST request to https://auth.teamspeak.com/user/perform-login. But even then the request does not contain the actual password but an already hashed version.

We have no backdoor or any other stuff like this in our software.

What could be is that third party plugin is installed or that information is valid but not coming from the client itself at all.

I fully agree to @Gamer92000

1. I was using Teamspeak 5 and the only thing I had was themes which is just the Colorful teamspeak theme and CleanSpeak theme. I also kept it up-to-date whenever an update comes out.

2. I was talking to them about all of this and looking at seeing if I can build a setup similar to what we have here at work at my home, and hopefully get the same results (since I cannot share the logs from work).