Welcome to Open Carnage

A resource for Halo Custom Edition and MCC modding, with unique means of rewarding content creation and support. Have a wander to see why we're worth the time! - EST. 2012

Kavawuvi

Vulnerability: Don't use CD hashes for admin verification

So apparently a potential security vulnerability was discovered and successfully exploited. If you're running a server, I recommend reading this for information on how to safeguard against it.

 

First, let me preface by stating that CD hashes are not private. They are sent in plaintext to every server you join, and there are hundreds of servers, many of which have a database of CD hashes to handles. If you've ever played online, assume everyone knows your CD hash and profile name at this point.

 

Many servers use CD hashes to associate players with administrator privileges. Doing this depends on the fact that the master server can protect against this, but it appears the newer reverse engineered master server does not correctly do this.

 

Since Chimera supports spoofing your CD hash and hashes are obviously not private, you can spoof your hash as someone else's. As a result, it is possible to steal people's administrator permissions if the server is configured to accept only CD hashes as verification. This is not the intended functionality of Chimera, and I do NOT support or condone doing this. But now that this is known, server owners should avoid solely using CD hashes for verification. If you must use this, also use a secondary form of verification such as IP addresses.


20 minutes ago, Kavawuvi said:

Since Chimera supports spoofing your CD hash and hashes are obviously not private, you can spoof your hash as someone else's.


Also worth noting that ever since cd key checks were disabled officially this is possible with any ce client. As well as having it randomized every time ce starts by removing a few lines in a file lol.

Just now, AntiMomentum said:

Also worth noting that ever since cd key checks were disabled officially this is possible with any ce client. As well as having it randomized every time ce starts by removing a few lines in a file lol.

Chimera randomizes your hash by default.

 

It also does this every time you join a server.


Yeah, a timeout on login attempts, and rcon pass + ip combo would help lock it down. Do you know of any Lua scripts that might increase the rcon character limit for SAPP?

8 minutes ago, AntiMomentum said:

Yeah, a timeout on login attempts, and rcon pass + ip combo would help lock it down. Do you know of any Lua scripts that might increase the rcon character limit for SAPP?

I don't. Unfortunately this is a netcode thing and can't actually be increased without breaking compatibility with clients. I suppose since it's rcon, you'd just need a special client in order to send rcon requests and everything else would work fine, but still...

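The advice in this thread (do not trust the CD hash alone, pair it with the source IP and a password, and time out repeated login attempts) sketched as an added example. It is not part of the original posts and is not SAPP or Chimera code; the function and class names, the hash, the IP addresses and the password are constructed placeholders.

```python
import hmac
import time

# Constructed sample data: placeholder hash, documentation-range IP, example password.
ADMINS = {
    "0123456789abcdef0123456789abcdef": {"ips": {"203.0.113.10"}, "level": 4},
}
ADMIN_PASSWORD = "example-passphrase"
MAX_FAILURES = 3        # failed logins allowed per IP before lockout
LOCKOUT_SECONDS = 300   # how long a locked-out IP must wait

def admin_level_hash_only(cd_hash):
    """Weak check: the CD hash is public and spoofable, so anyone who sends it passes."""
    entry = ADMINS.get(cd_hash)
    return entry["level"] if entry else 0

class AdminVerifier:
    """Hardened check: hash, source IP and password must all match, with a lockout."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}   # ip -> (failure count, time of last failure)

    def _locked_out(self, ip):
        count, last = self.failures.get(ip, (0, 0.0))
        if count >= MAX_FAILURES and self.clock() - last < LOCKOUT_SECONDS:
            return True
        if count >= MAX_FAILURES:
            del self.failures[ip]    # lockout expired, start counting again
        return False

    def login(self, cd_hash, ip, password):
        """Return the admin level, or 0 when any factor fails or the IP is locked out."""
        if self._locked_out(ip):
            return 0
        entry = ADMINS.get(cd_hash)
        # Constant-time comparison avoids leaking how much of the password matched.
        ok_pw = hmac.compare_digest(password.encode(), ADMIN_PASSWORD.encode())
        if entry and ip in entry["ips"] and ok_pw:
            self.failures.pop(ip, None)
            return entry["level"]
        count, _ = self.failures.get(ip, (0, 0.0))
        self.failures[ip] = (count + 1, self.clock())
        return 0
```

Failures are counted per source IP, so a flood of bad attempts from elsewhere does not lock out the administrator's own address.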