What happened to OC? - CLOSED Carnage?!

See Announcement

Kavawuvi

Vulnerability: Don't use CD hashes for admin verification

Started by Kavawuvi,

Posted

So apparently a potential security vulnerability was discovered and successfully exploited. If you're running a server, I recommend reading this for information on how to safeguard against it.

 

First, let me preface by stating that CD hashes are not private. They are sent in plaintext to every server you join, and there are hundreds of servers, many of which have a database of CD hashes to handles. If you've ever played online, assume everyone knows your CD hash and profile name at this point.

 

Many servers use CD hashes to associate players with administrator privileges. Doing this depends on the fact that the master server can protect against this, but it appears the newer reverse engineered master server does not correctly do this.

 

Since Chimera supports spoofing your CD hash and hashes are obviously not private, you can spoof your hash as someone else's. As a result, it is possible to steal people's administrator permissions if the server is configured to accept only CD hashes as verification. This is not the intended functionality of Chimera, and I do NOT support or condone doing this. But now that this is known, server owners should avoid solely using CD hashes for verification. If you must use this, also use a secondary form of verification such as IP addresses.

Enclusion, AntiMomentum, Takka and 1 other like this

Share this post

Link to post
Share on other sites

Tiddy-bits:

Posted

20 minutes ago, Kavawuvi said:

Since Chimera supports spoofing your CD hash and hashes are obviously not private, you can spoof your hash as someone else's.


Also worth noting that ever since cd key checks were disabled officially this is possible with any ce client. As well as having it randomized everytime ce starts by removing a few lines in a file lol.

Enclusion and Kavawuvi like this

Share this post

Link to post
Share on other sites

Posted

Just now, AntiMomentum said:

Also worth noting that ever since cd key checks were disabled officially this is possible with any ce client. As well as having it randomized everytime ce starts by removing a few lines in a file lol.

Chimera randomizes your hash by default.

 

It also does this every time you join a server.

Enclusion and AntiMomentum like this

Share this post

Link to post
Share on other sites

Posted

Yeah, a timeout on login attempts, and rcon pass + ip combo would help lock it down. Do you of any lua scripts that might increase the rcon character limit for sapp?

Enclusion likes this

Share this post

Link to post
Share on other sites

Posted

8 minutes ago, AntiMomentum said:

Yeah, a timeout on login attempts, and rcon pass + ip combo would help lock it down. Do you of any lua scripts that might increase the rcon character limit for sapp?

I don't. Unfortunately this is a netcode thing and can't actually be increased without breaking compatibility with clients. I suppose since it's rcon, you'd just need a special client in order to send rcon requests and everything else would work fine, but still...

Enclusion likes this

Share this post

Link to post
Share on other sites
Go To Topic Listing Halo CE: General

  • Recently Browsing   0 members

    No registered users viewing this page.