Sausage
 Administrator
Joined: 26th Jul 2008
Posts: 1346
 EO Server Backdoor Warnings
Update: While EOSource 1.4 is now "encrypted" with some exe obfuscator, an obvious marker of trying to hide something, the backdoor demonstrated here seems to be gone for now. Passwords are also still stored plain-text in memory while you are logged in, it is unknown if there are any other backdoors to allow people access to them.
EOSource contains a backdoor which allows "anyone" to retrieve the account name and password of anyone online.
See: this screenshot Seose contains a publicly known backdoor which allows anyone to elevate their character to admin status.
See: this forum topic
It is recommended for Seose users to use the Seose2EOSERV tool from the previous announcement to convert their database and switch to EOSERV 0.5.3 if they haven't yet. It's recommended for anyone playing on an EOSource server to make sure they change their password to something they don't mind other people knowing (a good idea for playing on any untrusted private server), and for anyone running an EOSource server to plan on migrating to a safe distribution and avoid logging in to accounts with admin characters that they don't want stolen.
Also a general reminder not to use the same password on any website or private server, you are trusting the owner of whatever service you access not to misuse the information you give it.
12 years, 51 weeks ago
|
Pasta
Joined: 27th Jan 2011
Posts: 1715
Re: Warning: Do not use EOSource or Seose
:O nice job sausage! thanks to tell us this :) ---
~~ When life give you pasta, you eat it ~~
12 years, 51 weeks ago
|
Sausage
Administrator
Joined: 26th Jul 2008
Posts: 1346
Re: Warning: Do not use EOSource or Seose
Here is a cleaned version of EOSource 1.3 with the backdoor disabled. I don't make any guarantees about it's safety and there may be other such "hidden features".
Simply extract this zip file, replace EOSource.exe and restart your server.
12 years, 51 weeks ago
|
Cirras
Joined: 11th Mar 2011
Posts: 1221
Re: Warning: Do not use EOSource or Seose
I've always been a little suspicious of EOSource, thanks for bringing this to light Sausage. I will be switching from Seose to Vodka if I ever need to put up a hangout server again.
PS: Nice password ;D
---
Want to learn to pixel?
Pixelsource.org
12 years, 51 weeks ago
|
Klutz
Joined: 14th Jul 2009
Posts: 1737
Re: Warning: Do not use EOSource or Seose
Cirras posted: (9th Jan 2012, 02:16 am)
I've always been a little suspicious of EOSource, thanks for bringing this to light Sausage. I will be sticking to Vodka if I ever need to put up a hangout server again.
PS: Nice password ;D
I'm glad I never bothered with it even once =p
Ignorance for the win!
How exactly did this come about? If Hollow had made this himself shouldn't he be banned or something?
---
Web developer, currently looking for graphic artists / designers.
12 years, 51 weeks ago
|
maori
Joined: 16th May 2010
Posts: 302
Re: Warning: Do not use EOSource or Seose
i agree with you never trust any closed source didn't use eosouce once.
12 years, 51 weeks ago
|
Re: Warning: Do not use EOSource or Seose
I knew Ele would put a backdoor in EOSource.
Sausage: I love you.<3
12 years, 51 weeks ago
|
Minerva
Joined: 1st Feb 2011
Posts: 739
Re: Warning: Do not use EOSource or Seose
*switches server back to eoserv* ---
If at first you don't succeed; call it version 1.0
12 years, 51 weeks ago
|
Re: Warning: Do not use EOSource or Seose
man this forum was great before eo source , thanks dude
12 years, 51 weeks ago
|
kodyt
Joined: 6th Apr 2009
Posts: 2271
Re: Warning: Do not use EOSource or Seose
Eh told everyone Vodka > Eosource ---
http://www.ctronic.ga
http://www.tsu.co/Deltro
https://www.reverbnation.com/deltro9
12 years, 51 weeks ago
|
Re: Warning: Do not use EOSource or Seose
kodyt posted: (9th Jan 2012, 03:05 am)
Eh told everyone Vodka > Eosource
Everything > EOSource
12 years, 51 weeks ago
|
|
Re: Warning: Do not use EOSource or Seose
12 years, 51 weeks ago
|
Re: Warning: Do not use EOSource or Seose
now i am 100% that some eosource can know ur id and pass, when i made a new acc in an eo-source server which its id and pass similar to the banned old one , the owner banned after i just got in , however i made a female charcter and my old banned charcter was a male , but i donot know how the
owner knew it was me
the only chance he had is my id and pass.
12 years, 51 weeks ago
|
kodyt
Joined: 6th Apr 2009
Posts: 2271
Re: Warning: Do not use EOSource or Seose
mahmoud2z5 posted: (9th Jan 2012, 03:15 am)
now i am 100% that some eosource can know ur id and pass, when i made a new acc in an eo-source server which its id and pass similar to the banned old one , the owner banned after i just got in , however i made a female charcter and my old banned charcter was a male , but i donot know how
theowner knew it was me
the only chance he had is my id and pass.
uhh an it shows your pc name in the database ... oh an your ip when you connect so it wouldn't be hard for them to know its you with out getting your "user/pass"... derpa fucking derp... ---
http://www.ctronic.ga
http://www.tsu.co/Deltro
https://www.reverbnation.com/deltro9
12 years, 51 weeks ago
|
Re: Warning: Do not use EOSource or Seose
kodyt posted: (9th Jan 2012, 03:17 am)
mahmoud2z5 posted: (9th Jan 2012, 03:15 am)
now i am 100% that some eosource can know ur id and pass, when i made a new acc in an eo-source server which its id and pass similar to the banned old one , the owner banned after i just got in , however i made a female charcter and my old banned charcter was a male , but i donot know
howtheowner knew it was me
the only chance he had is my id and pass.
uhh an it shows your pc name in the database ... oh an your ip when you connect so it wouldn't be hard for them to know its you with out getting your "user/pass"... derpa fucking derp...
1- i was on a proxy
2- i was on a differnet computer
3- the fucking owner wont be looking the damn console and the database every min
12 years, 51 weeks ago
| | | | | | | | | | | | | | | |
