SAM Broadcaster Request Server Security Flaw!

Yes, you read the title properly, folks. It seems the built-in webserver that handles listener requests in SAM Broadcaster has a security flaw in it.

SAM Broadcaster is already a dodgy enough program without adding stuff like this on top! I saw this post on the SAM Broadcaster forums last night…


Yes you are reading that post correctly. “I will need to check on that in SAM, that probably could present a security issue.”

No probably about it. When there’s a security hole, it leaves a user’s system open to all sorts of vulnerabilities.

Then just this morning he came back with this.


“Right, but what I am starting to realize is that there is a problem in the way we determine who gets access and the end user’s perspective of how it should work. I am not looking to make this process more difficult. IP Whitelisting is really an insecure way to go about this if we are trusting the local DNS because that could be compromised or misconfigured. I mean it certainly is better than trusting all connections but that is like saying having a door on your house is enough to keep burglars out.”
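To make the DNS point in the quoted post concrete, here is an added example (not SAM Broadcaster's code, and not from the forum post) comparing an allowlist that resolves hostnames with one that matches the connection's peer address against literal networks. The hostname, the addresses and the stub resolver are constructed so the example runs offline; the page does not describe how SAM itself performs the check.

```python
import ipaddress

# Constructed sample data: documentation-range addresses and a made-up hostname.
ALLOWED_HOSTS = {"requests.example.net"}
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.10/32")]


def allowed_by_name(peer_ip, resolve):
    """Weak: the decision is only as trustworthy as the resolver's answers."""
    peer = ipaddress.ip_address(peer_ip)
    for host in ALLOWED_HOSTS:
        try:
            answers = resolve(host)
        except OSError:
            continue  # lookup failure: this entry admits nobody (fail closed)
        if any(ipaddress.ip_address(a) == peer for a in answers):
            return True
    return False


def allowed_by_address(peer_ip):
    """Stricter: compare the socket's peer address with literal networks, no DNS."""
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in net for net in ALLOWED_NETS)


def make_resolver(table):
    """Offline stand-in for a DNS lookup (real code would call socket.getaddrinfo)."""
    def resolve(host):
        if host not in table:
            raise OSError("no such host: " + host)
        return table[host]
    return resolve


def compare(peer_ip, dns_table):
    """Return (name-based decision, address-based decision) for one peer."""
    return (allowed_by_name(peer_ip, make_resolver(dns_table)),
            allowed_by_address(peer_ip))


if __name__ == "__main__":
    good_dns = {"requests.example.net": ["192.0.2.10"]}
    bad_dns = {"requests.example.net": ["198.51.100.77"]}  # stale or tampered record
    for label, table in (("correct DNS", good_dns), ("wrong DNS", bad_dns)):
        for peer in ("192.0.2.10", "198.51.100.77"):
            print(label, peer, compare(peer, table))
```

With the wrong record in place, the name-based check admits the unintended address and locks out the intended one, while the address-based check is unaffected. Both checks still decide on source address alone, which is the limitation the post's door analogy refers to.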

 
This problem has more than likely been in the program for years. I knew there was something that wasn’t quite right about the way the requests were handled in SAM Broadcaster (far too complicated to set up, for starters); I just knew that it wasn’t as secure as it should have been.

So yet again it just appears the problems are racking up for SAM Broadcaster. Think about your server’s and computer’s security when choosing software that handles requests, and don’t buy SAM Broadcaster from Spacial Audio.

It could leave your computer open to attack, which would be the last thing you would need when running an Internet radio station.

Quick update on this post (25/07/2014): There have also now been some security issues found within the samPHPweb templates themselves. You can read about that here.
