RECENT NEWS
📢 𝟑𝟎% Discount for all ads only this month ❄️

RSPS Password Grabbing [Security Flaw]

Crow
power_settings_new
Seen 3 weeks ago
Rune Warrior (34/40)
Rune Warrior
0
0
0
34 Posts
Posts
0
Warning level
0
Likes
0
Dislikes
Joined: 2022-04-24

Hello,

I don't ever post on here, but I have recently discovered a security flaw that I would like to share with other server owners/developers.
There ARE servers out there that have this system/something similar and its important that action is taken to prevent this from happening. PROTECT YOUR PLAYERS AND YOUR STAFF!

When a player saves their username/password by clicking 'remember me' it saves their username & password into a file in the client's cache.

Lets say a player on noob-pk saves their username & password inside their cache, then they launch fun-pk. The fun-pk client can load the username & password saved inside the noob-pk cache then send the data back to the server allowing the fun-pk server owners to have your password used on fun-pk. This can be used to hack staff accounts, owner accounts, or possibly even go further.

You may be thinking this is the dumbest thing ever, however this is overlooked by a lot of server owners.

I have personally seen this type of system in one of the top servers - protect your self by disabling this system, changing it up a little atleast, adding some sort of whitelist/security system into your server to protect people from getting hacked.

00
  • Like
Reactions: