Quote from Crow on April 24, 2022, 4:28 pm
Hello,
I don't ever post on here, but I have recently discovered a security flaw that I would like to share with other server owners/developers.
There ARE servers out there that have this system/something similar and it's important that action is taken to prevent this from happening. PROTECT YOUR PLAYERS AND YOUR STAFF!
When a player saves their username/password by clicking 'remember me' it saves their username & password into a file in the client's cache.
Let's say a player on noob-pk saves their username & password inside their cache, then they launch fun-pk. The fun-pk client can load the username & password saved inside the noob-pk cache then send the data back to the server allowing the fun-pk server owners to have your password used on fun-pk. This can be used to hack staff accounts, owner accounts, or possibly even go further.
You may be thinking this is the dumbest thing ever; however, this is overlooked by a lot of server owners.
I have personally seen this type of system in one of the top servers - protect yourself by disabling this system, changing it up a little at least, adding some sort of whitelist/security system into your server to protect people from getting hacked.
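One way to change the 'remember me' system described in the post, as an added example that is not part of the original post or any server's real code: the client cache holds a random server-issued token instead of the password, the server keeps only a hash of it, and staff accounts are never issued one. The `Server` class, `cache_record`, the account names and the passwords are hypothetical; a copied token is still a login credential on the server that issued it until it is revoked, which is why staff are excluded here.

```python
import hashlib, hmac, json, secrets

class Server:
    """Hypothetical login server: stores password hashes and token hashes only."""
    def __init__(self, staff=()):
        self.pw = {}             # user -> (salt, PBKDF2 hash of password)
        self.tok = {}            # user -> SHA-256 of the remember-me token
        self.staff = set(staff)  # accounts that must always type their password

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.pw[user] = (salt, self._kdf(password, salt))

    def login_password(self, user, password, remember=False):
        """Return (ok, token). A token is issued only on request, never to staff."""
        rec = self.pw.get(user)
        if rec is None or not hmac.compare_digest(rec[1], self._kdf(password, rec[0])):
            return False, None
        if not remember or user in self.staff:
            return True, None
        token = secrets.token_urlsafe(32)  # random, unrelated to the password
        self.tok[user] = hashlib.sha256(token.encode()).digest()
        return True, token

    def login_token(self, user, token):
        want = self.tok.get(user)
        got = hashlib.sha256(token.encode()).digest()
        return want is not None and hmac.compare_digest(want, got)

    def revoke(self, user):  # call on password change or "log out everywhere"
        self.tok.pop(user, None)

def cache_record(user, token):
    """What the client writes to its cache file: there is no password field."""
    return json.dumps({"user": user, "token": token})

def demo():
    noob, fun = Server(staff={"mod_a"}), Server()    # constructed sample accounts
    for srv in (noob, fun):
        srv.register("player1", "constructed-pw-1")  # same password reused on both
    noob.register("mod_a", "constructed-pw-2")
    _, token = noob.login_password("player1", "constructed-pw-1", remember=True)
    return noob, fun, token, cache_record("player1", token)
```

Because the cached value is not derived from the password, reading the file reveals nothing reusable on a second server, and `revoke` invalidates it without forcing a password change.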