Teeworlds 0.6.5 Vulnerability: Connection Packet Forgery and Server Slot Occupation

Teeworlds 0.6.5 Vulnerability: Connection Packet Forgery and Server Slot Occupation

CVE-2018-18541 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.

Learn more about our Cis Benchmark Audit For Server Software.