Floating User Bug Found In TripleA Lobby


Floating User Bug Found In TripleA Lobby

Wisconsin
I have found another bug in the lobby that allows someone to add as many 'floating' users to the player list as they want that are not able to be kicked off the lobby by any moderators. (Was tested by moderator and player booting failed to work)

The hack takes advantage of... (Better not say... :P)

I will send the details to the developers to have it fixed in the next release.

Thanks,
    Wisconsin

Re: Floating User Bug Found In TripleA Lobby

U-boat
Wisconsin the Exterminator

Re: Floating User Bug Found In TripleA Lobby

Veqryn
Administrator
In reply to this post by Wisconsin
hax0rs max0rs

Can the floating non-kickable users talk and play games?
Or are they really just ghosts?

I suppose the only abuse-able feature, if they are ghosts, is to make users with bad names, or just make 1000 to fill the lobby with a personal zombie army....
Please contribute to the TripleA 2013 donation drive:
http://tripleadev.1671093.n2.nabble.com/2013-TripleA-Donation-Drive-tp7583455.html

Re: Floating User Bug Found In TripleA Lobby

Wisconsin
I'm not entirely sure, but I believe that I could make it so the non-kickable users could also chat and play games. I think the bug it takes advantage of only messes up the administrative tools.

Re: Floating User Bug Found In TripleA Lobby

U-boat
Does this mean that there are probably thousands of other security bugs? Finding one tells me there are several holes. Though I don't think they will be exploited.

Re: Floating User Bug Found In TripleA Lobby

Wisconsin
I believe there are many more and that many will never even be found. That's why I think we only need to fix the most important ones...

This one is less important because there are probably many other ones just like it that can be used even if this one is fixed. The impersonation bug was important, though, because it could be used to severely ruin someone's public image.

Because TripleA is open-source, there will always be ways for hackers to ruin the lobby in some way. It's very saddening, but that's really what I think.

Thanks,
    Wisconsin

P.S. I will be working more on the map creator now, so I won't be looking for more lobby bugs.

Re: Floating User Bug Found In TripleA Lobby

Wisconsin
For anyone that's worried, I do not think that this report itself will open the doors for hackers. Posting the details of the hack would not be good, but just reporting the issue isn't. If there were any hackers here, they would have already figured out these loopholes.

So the best way we can stop them is by fixing the bugs before they have a reason to use them.

Re: Floating User Bug Found In TripleA Lobby

ComradeKev
Administrator
The emails you send to the devs will be sufficient to get a patch.  There's no need to tempt fate by publicizing the vulnerability.

Oh, and thank you for helping to track these down.  It's much appreciated!
If emailing me at ComradeKev at yahoo.com , please add TripleA to the subject line

Re: Floating User Bug Found In TripleA Lobby

U-boat
In reply to this post by Wisconsin
I want to see them get fixed, but I hate having to download a new TripleA all the time. Good work though.

On Thu, Aug 19, 2010 at 2:14 AM, Wisconsin [via tripleadev] <[hidden email]> wrote:
I believe there are many more and that many will never even be found. That's why I think we only need to fix the most important ones...

This one is less important because there are probably many other ones just like it that can be used even if this one is fixed. The impersonation bug was important, though, because it could be used to severely ruin someone's public image.

Because TripleA is open-source, there will always be ways for hackers to ruin the lobby in some way. It's very saddening, but that's really what I think.

Thanks,
    Wisconsin

P.S. I will be working more on the map creator now, so I won't be looking for more lobby bugs.
Johannes Kepler: (Astronomy/Laws of Planetary Motion)
 "I am a Christian...I believe... only and alone in the service of Jesus Christ...In Him is all refuge, all solace."

Michael Faraday: (Inventor of the transformer and electric generator, discovered Benzene, and more...)
"Speculations? I have none. I am resting on certainties. 'I know whom I have believed and am persuaded that He is able to keep that which I have committed unto Him against that day.'"

You can find more quotes from famous scientists here: http://www.eadshome.com/Sciencequotes.htm







--
U-Boat