Thread: RSPS Password Grabbing [Security Flaw]

Page 1 of 3 123 LastLast
Results 1 to 10 of 22
  1. #1 RSPS Password Grabbing [Security Flaw] 
    The Realm

    Jonnys's Avatar
    Join Date
    Jan 2018
    Posts
    28
    Thanks given
    27
    Thanks received
    26
    Rep Power
    140
    Hello,

    I don't ever post on here, but I have recently discovered a security flaw that I would like to share with other server owners/developers.
    There ARE servers out there that have this system/something similar and its important that action is taken to prevent this from happening. PROTECT YOUR PLAYERS AND YOUR STAFF!

    When a player saves their username/password by clicking 'remember me' it saves their username & password into a file in the client's cache.

    Lets say a player on noob-pk saves their username & password inside their cache, then they launch fun-pk. The fun-pk client can load the username & password saved inside the noob-pk cache then send the data back to the server allowing the fun-pk server owners to have your password used on fun-pk. This can be used to hack staff accounts, owner accounts, or possibly even go further.

    You may be thinking this is the dumbest thing ever, however this is overlooked by a lot of server owners.

    I have personally seen this type of system in one of the top servers - protect your self by disabling this system, changing it up a little atleast, adding some sort of whitelist/security system into your server to protect people from getting hacked.
    Reply With Quote  
     

  2. Thankful user:


  3. #2  
    Banned

    Join Date
    Mar 2015
    Age
    31
    Posts
    1,332
    Thanks given
    215
    Thanks received
    329
    Rep Power
    0
    Quote Originally Posted by Jonnys View Post
    Hello,

    I don't ever post on here, but I have recently discovered a security flaw that I would like to share with other server owners/developers.
    There ARE servers out there that have this system/something similar and its important that action is taken to prevent this from happening. PROTECT YOUR PLAYERS AND YOUR STAFF!

    When a player saves their username/password by clicking 'remember me' it saves their username & password into a file in the client's cache.

    Lets say a player on noob-pk saves their username & password inside their cache, then they launch fun-pk. The fun-pk client can load the username & password saved inside the noob-pk cache then send the data back to the server allowing the fun-pk server owners to have your password used on fun-pk. This can be used to hack staff accounts, owner accounts, or possibly even go further.

    You may be thinking this is the dumbest thing ever, however this is overlooked by a lot of server owners.

    I have personally seen this type of system in one of the top servers - protect your self by disabling this system, changing it up a little atleast, adding some sort of whitelist/security system into your server to protect people from getting hacked.
    nah server owner's nowadays only care for money, they don't care about security
    Reply With Quote  
     

  4. Thankful user:


  5. #3  
    Retro


    Join Date
    Mar 2008
    Posts
    63
    Thanks given
    30
    Thanks received
    23
    Rep Power
    93
    Security>Marketing
    Reply With Quote  
     

  6. Thankful user:


  7. #4  
    Banned

    Join Date
    Mar 2015
    Age
    31
    Posts
    1,332
    Thanks given
    215
    Thanks received
    329
    Rep Power
    0
    Quote Originally Posted by Mario Bros View Post
    Security>Marketing
    i saw a server, they have 1 dev and 6 youtuber (to showcase the server) but the development side is kinda shit
    Reply With Quote  
     

  8. #5  
    08-13, SpawnScape Owner

    jet kai's Avatar
    Join Date
    Dec 2009
    Age
    28
    Posts
    870
    Thanks given
    630
    Thanks received
    957
    Rep Power
    5000
    Thanks JonnyS. I’ll start scanning for servers doing this and be sure to tell them off.
    Reply With Quote  
     

  9. Thankful user:


  10. #6  
    Registered Member

    Join Date
    Feb 2013
    Posts
    19
    Thanks given
    4
    Thanks received
    7
    Rep Power
    324
    Just don't save plain-text passwords anywhere...
    Reply With Quote  
     

  11. Thankful user:


  12. #7  
    Blurite

    Corey's Avatar
    Join Date
    Feb 2012
    Age
    26
    Posts
    1,491
    Thanks given
    1,245
    Thanks received
    1,729
    Rep Power
    5000
    What's great is when the owner gives players a cache with the owners own username and password pre-saved
    Attached image
    Reply With Quote  
     


  13. #8  
    Registered Member
    Join Date
    Dec 2013
    Posts
    419
    Thanks given
    127
    Thanks received
    85
    Rep Power
    349
    Quote Originally Posted by Corey View Post
    What's great is when the owner gives players a cache with the owners own username and password pre-saved
    LOOL if this is legit
    Reply With Quote  
     

  14. #9  
    Registered Member
    Optimum's Avatar
    Join Date
    Apr 2012
    Posts
    3,570
    Thanks given
    871
    Thanks received
    1,745
    Rep Power
    5000
    Rename the txt file to .txt5 or something

    Quote Originally Posted by DownGrade View Post
    Don't let these no life creeps get to you, its always the same on here. They'd rather spend hours upon hours in the rune-server spam section then getting laid! ha ha!Its honestly pathetic i haven't seen so many lowlifes in my life its actually insane i wish that this section would just vanish its probably the only way to get these people out of the community...
    PLEASE BE AWARE OF IMPOSTERS MY DISCORD ID: 362240000760348683
    Reply With Quote  
     

  15. Thankful users:


  16. #10  
    Banned

    Join Date
    Mar 2015
    Age
    31
    Posts
    1,332
    Thanks given
    215
    Thanks received
    329
    Rep Power
    0
    Quote Originally Posted by Optimum View Post
    Rename the txt file to .txt5 or something
    or virusdontopen.txt
    Reply With Quote  
     

Page 1 of 3 123 LastLast

Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. Replies: 13
    Last Post: 08-01-2012, 09:32 AM
  2. Rsa secure password manager
    By Killer 99 in forum Application Development
    Replies: 21
    Last Post: 02-24-2010, 03:22 PM
  3. Colby's Secure Password Manager
    By Colby in forum Application Development
    Replies: 23
    Last Post: 01-27-2010, 06:33 AM
  4. Replies: 6
    Last Post: 07-14-2009, 11:59 PM
  5. Fix found for net security flaw
    By DJ Dan in forum Software
    Replies: 0
    Last Post: 07-09-2008, 03:53 PM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •