This object is in archive! 
Timer block owned by Nobody able to control hostile block groups
Solved
Hello support team,
This issue was tested on vanilla dedicated server 1.197.073 on 12/20/2020.
If a player places a timer block on a hostile grid (like SPRT or a hostile faction) and changes the timer's ownership to Nobody, the timer when executed is able to control all existing block groups on that grid. for instance, a group of hostile turrets can be turned off.
I would consider this to be a critical permissions exploit. please address this as soon as you can. thank you.
I have also found that the same can be done with a cockpit, and button, sensor, and air vents like Dalten describes.
I have also found that the same can be done with a cockpit, and button, sensor, and air vents like Dalten describes.
Replicated it in singleplayer aswell.
Placed grinders + batteries, gave them to SPRT. Placed timer block, set its owner to nobody, configured toolbar to add grinders' on/off and pressing trigger now on timer toggled the grinders.
Replicated it in singleplayer aswell.
Placed grinders + batteries, gave them to SPRT. Placed timer block, set its owner to nobody, configured toolbar to add grinders' on/off and pressing trigger now on timer toggled the grinders.
I think this might be also a feature. Keep your grids protected
I think this might be also a feature. Keep your grids protected
Hello Dalten!
Thank you very much for this information and to Digi for the steps. I have managed to reproduce this and report the issue.
Kind Regards
Laura, QA Department
Hello Dalten!
Thank you very much for this information and to Digi for the steps. I have managed to reproduce this and report the issue.
Kind Regards
Laura, QA Department
Keen did not patch this exploit. this was tested today on 1.199.020 using timer blocks, control seats and button panels. in fact THIS time I didn't have to change the block owner to Nobody. it worked owned by myself.
keen patch notes:
Fixed players being able to change settings of access denied blocks
Fixed players being able to change values of access denied blocks
Keen did not patch this exploit. this was tested today on 1.199.020 using timer blocks, control seats and button panels. in fact THIS time I didn't have to change the block owner to Nobody. it worked owned by myself.
keen patch notes:
Fixed players being able to change settings of access denied blocks
Fixed players being able to change values of access denied blocks
Hello, Engineers!
I´m happy to inform you that this issue will be fixed in upcoming game update v200.
Kind Regards
Keen Software House: QA Department
Hello, Engineers!
I´m happy to inform you that this issue will be fixed in upcoming game update v200.
Kind Regards
Keen Software House: QA Department
Replies have been locked on this page!