[Icecast] Icecast exploits?
Philipp Schafft
phschafft at de.loewenfelsen.net
Fri Nov 24 03:45:09 UTC 2023
Good afternoon,
On Thu, 2023-11-23 at 10:27 -0600, Jack Elliott wrote:
> [...]
> But I ask if there is any history of someone with the source password
> hacking into the server computer to do Bad Things?
There is no way to "hack into the server computer" using the source
password with only Icecast.
What you can do using the source password is to... connect a source.
Generally if you cannot trust your sources avoid using the global
source password. Give everyone a personal username and password and
only allow that on the given mount point when they are allowed to
stream to it.
At very least you should invalidate any credentials you gave someone
when that person leaves your team. ;)
With best regards,
--
Philipp Schafft (CEO/Geschäftsführer)
Telephone: +49.3535 490 17 92
Website: https://www.loewenfelsen.net/
Follow us: https://www.linkedin.com/company/loewenfelsen/
Geschäftsführer/CEO: Philipp Schafft
Löwenfelsen UG (haftungsbeschränkt) Registration number:
Bickinger Straße 21 HRB 12308 CB
04916 Herzberg (Elster) VATIN/USt-ID:
Germany DE305133015
More information about the Icecast
mailing list