Bug #400: $setadmin allows indirect nointeract restriction bypass
| ID | #400 |
|---|---|
| Submitter | Sausage |
| Product | EOSERV |
| Severity | High |
| Status | CLOSED, FIXED |
| Submitted | 15th Nov 2015 |
| Updated | 8th Apr 2016 |
| Rev# | Date | Description |
|---|---|---|
| r525 | 08 Apr 2016 09:32:29 UTC | Update nointeract setting when admin level is promoted (bug #400), Prevent demoting an admin ... |
9 years, 4 weeks ago
If you use $setadmin to adjust someone's admin level, the default nointeract restrictions don't apply to them until they log our and in. This would allow Player A with an admin level higher than the norestrict level to adjust the admin level of another character, who would then not have the restrictions Player A does.
Comments
8 years, 35 weeks ago
Updating to high severity. This is not considered critical as the only command this provides access to in a default configuration is $settitle.
Updated Severity to HIGH
8 years, 35 weeks ago
Fixed in r525.
Updated Status to CLOSED, FIXED
Add Comment
Please don't post unless you have something relevant to the bug to say.
Do not comment to say "thanks" or "fix this please".
Please log in to add comments. EOSERV Bug Tracker > Bug #400: $setadmin allows indirect nointeract restriction bypass