
Timer block owned by Nobody able to control hostile block groups

Dalten shared this bug 3 years ago
Solved

Hello support team,

This issue was tested on vanilla dedicated server 1.197.073 on 12/20/2020.

If a player places a timer block on a hostile grid (like SPRT or a hostile faction) and changes the timer's ownership to Nobody, the timer, when executed, is able to control all existing block groups on that grid. For instance, a group of hostile turrets can be turned off.

I would consider this to be a critical permissions exploit. Please address this as soon as you can. Thank you.

Replies (6)


I have also found that the same can be done with a cockpit, and button, sensor, and air vents like Dalten describes.


Replicated it in singleplayer as well.

Placed grinders + batteries, gave them to SPRT. Placed timer block, set its owner to nobody, configured toolbar to add grinders' on/off and pressing trigger now on timer toggled the grinders.


I think this might be also a feature. Keep your grids protected


Hello Dalten!

Thank you very much for this information and to Digi for the steps. I have managed to reproduce this and report the issue.

Kind Regards

Laura, QA Department


Keen did not patch this exploit. This was tested today on 1.199.020 using timer blocks, control seats and button panels. In fact THIS time I didn't have to change the block owner to Nobody. It worked owned by myself.

Keen patch notes:

Fixed players being able to change settings of access denied blocks

Fixed players being able to change values of access denied blocks


Hello, Engineers!

I'm happy to inform you that this issue will be fixed in upcoming game update v200.

Kind Regards

Keen Software House: QA Department


Let's hope you're right this time, since 1.199 didn't fix this exploit as stated.


Tested on dedicated server 1.200.030, and you are correct, the exploit has been patched. Thank you and your team for addressing this problem.
