Hello, I've been digging around in Stormwork's memory for a little bit and I found an issue that can impact the multiplayer experience quite heavily. I noticed that variables responsible for locking players out of the custom menu are stored statically. This allows for anyone with any reverse engineering knowledge to easily gain access to the custom menu easily on any server. I do have a few solutions, one would be to implement server side verification for changes done on the custom menu. Another solution would be to rework the implementation of the custom menu and have the variables stored dynamically. If needed I can provide code or a built application that can demonstrate this. It's very likely that this vulnerability has been, or will be used to cheat.
Votes by users: 2
Fri 15 December 2023 22:56
AMD Ryzen 7 3800X 8-Core Processor (x64)
NVIDIA GeForce RTX 3080/PCIe/SSE2 4.6.0 NVIDIA 561.09
32768MB RAM
Windows 10 Pro 10.0 64bit
Stormworks 64-bit
v1.9.20
Closed (Implemented)
Defect
Duplicates of this issue:
24497Sat 16 December 2023 04:26
Ignore my silly grammar mistake.
Wed 01 May 2024 08:10
This issue has been automatically closed as implemented due to a related developer task being marked as live in milestone 2024-04-24 RELEASE: MINOR UPDATE H.
Issue closed