| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0001362 | Spring engine | General | public | 2009-03-24 21:38 | 2009-10-03 10:46 | ||||
| Reporter | bibim_ | ||||||||
| Assigned To | Auswaschbar | ||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||
| Status | resolved | Resolution | fixed | ||||||
| Product Version | 0.78.2.1 | ||||||||
| Target Version | 0.81.0.0 | Fixed in Version | 0.80.4.0 | ||||||
| Summary | 0001362: Protection against player-spoofing in network code | ||||||||
| Description | Currently it seems the network code isn't protected at all against player-spoofing. This can be used to perform DOS attacks on specifics users (which prevents them from playing and/or hosting any Spring MOD), or even on all users (which could simply prevent everyone from playing any Spring MOD...). Solution proposal to fix this problem: - when a player joins a battle, the lobby server would choose and send a password to him and the battle founder: . the "JOINBATTLE" command sent by the lobby server to a player who just joined successfully a battle would become: "JOINBATTLE <battleId> <modHash> <password>" . the "JOINEDBATTLE" command sent by the lobby server to the battle founder would become "JOINEDBATTLE <battleId> <userName> <password>" - when the game is starting, the host would write each player password in the startscript, so that the Spring server can read them - the clients would send <userName>,<password>,<version> in the connectAttempt UDP message, instead of just <userName>,<version> - when the Spring server receives a connectAttempt UDP message, it checks that the password matches the player's password in the startscript | ||||||||
| Steps To Reproduce | I've made a small bot (DosServ) as a proof of concept of this flaw. If you say "!dosAttack" to him, it will enable the DOS attack on your lobby account so you shouldn't be able to host or join games anymore. If you disconnect from the lobby server then it will disable the DOS attack (you can reconnect and play normally). You can also say "!dosAttack" another time to DosServ to disable it manually. | ||||||||
| Tags | No tags attached. | ||||||||
| Checked infolog.txt for Errors | |||||||||
| Attached Files |
| ||||||||
 Relationships |
||||||
|
||||||
 Relationships |
| Notes |
|
|
imbaczek (reporter) 2009-03-26 17:56 |
i suggest working in cooperation with aegis so uberserver is fixed. |
|
Auswaschbar (reporter) 2009-03-27 20:57 |
Alternate proprosal: - Server (the one who hosted the battle in lobby) generate some random string as password, sends it out to clients (via SETSCRIPTTAG or similar) - Server adds the password-string to player field in script.txt - Client adds a MyBattlePassword or something to his script.txt - Spring sends and compares them internally |
|
bibim_ (reporter) 2009-03-27 23:46 |
You mean using a by-battle password instead of by-user password ? But then any player of the battle could still impersonate other players. And even worse: any player could join the battle, get the password, leave the battle, and then impersonate all players when the game starts. |
|
Auswaschbar (reporter) 2009-03-28 13:49 |
Nope, it would be still per-user |
|
bibim_ (reporter) 2009-03-28 15:28 |
Then, the only difference I see with my proposal is using SETSCRIPTTAG command instead of modifying the JOINBATTLE and JOINEDBATTLE commands sent by lobby server. But the problem with the SETSCRIPTTAG command is that script tags are broadcasted to all players of the battle, so each player of the battle will have all passwords and could impersonate all other players. |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2009-03-24 21:38 | bibim_ | New Issue | |
| 2009-03-24 21:52 | lurker | View Status | private => public |
| 2009-03-26 17:56 | imbaczek | Note Added: 0003344 | |
| 2009-03-27 20:57 | Auswaschbar | Note Added: 0003348 | |
| 2009-03-27 23:46 | bibim_ | Note Added: 0003349 | |
| 2009-03-28 13:49 | Auswaschbar | Note Added: 0003350 | |
| 2009-03-28 15:28 | bibim_ | Note Added: 0003351 | |
| 2009-06-03 17:14 | tvo | Relationship added | related to 0001443 |
| 2009-09-13 02:17 | Auswaschbar | Status | new => resolved |
| 2009-09-13 02:17 | Auswaschbar | Fixed in Version | => 0.80.4.0 |
| 2009-09-13 02:17 | Auswaschbar | Resolution | open => fixed |
| 2009-09-13 02:17 | Auswaschbar | Assigned To | => Auswaschbar |
| 2009-10-03 10:46 | imbaczek | Target Version | => 0.81.0.0 |
| Issue History |