Regular players gaining admin powers.

    H

    HGG-DeltaSierra

    Joined
    Dec 26, 2013
    Messages
    2
    Reaction score
    0
    • Legacy Citizen
    At the moment, players are able to imitate an admins name from the log in screen, if they do that they spawn where the admin logged off, and has all powers.



    Serious security flaw.
     
    I

    Imperial_Gold

    Joined
    Jun 22, 2013
    Messages
    239
    Reaction score
    2
    Admin should have authenticated his/her account on the forums. They should have used the same name on the forums when they logged in.
     
    Tydeth

    Tydeth

    Joined
    Nov 20, 2013
    Messages
    190
    Reaction score
    80
    • Purchased!
    • Community Content - Bronze 1
    • Legacy Citizen 10
    In the server and setting cfg, there\'s an option:

    USE_STARMADE_AUTHENTICATION = false //allow star-made.org authentication

    It is default at false. In order to prevent that imitation, not only does the user need to have authenticated to protect their name, but apparently the server has to have that option set to true so the server will actually bother to check and stop impersonation of authenticated persons.

    Beneath that option on both files is:

    REQUIRE_STARMADE_AUTHENTICATION = false //require star-made.org authentication (USE_STARMADE_AUTHENTICATION must be true)

    If that is true, then everyone who wants to play must be uplinked, no exceptions. False here with the USE at true means uplinked/authenticated names are secure from impersonation, while those who have not are fair game.
     
    You must log in or register to reply here.
    Top Bottom