EOSERV Forum > Announcements > EO Server Backdoor Warnings
Topic is locked.
Page: << 1 2 3 ... 14 15 >>
EO Server Backdoor Warnings
Author Message
Post #121620 EO Server Backdoor Warnings

Update: While EOSource 1.4 is now "encrypted" with some exe obfuscator, an obvious marker of trying to hide something, the backdoor demonstrated here seems to be gone for now.

    Passwords are also still stored plain-text in memory while you are logged in, it is unknown if there are any other backdoors to allow people access to them.


    EOSource contains a backdoor which allows "anyone" to retrieve the account name and password of anyone online.
    See: this screenshot

    Seose contains a publicly known backdoor which allows anyone to elevate their character to admin status.
    See: this forum topic

    It is recommended for Seose users to use the Seose2EOSERV tool from the previous announcement to convert their database and switch to EOSERV 0.5.3 if they haven't yet.

    It's recommended for anyone playing on an EOSource server to make sure they change their password to something they don't mind other people knowing (a good idea for playing on any untrusted private server), and for anyone running an EOSource server to plan on migrating to a safe distribution and avoid logging in to accounts with admin characters that they don't want stolen.


    Also a general reminder not to use the same password on any website or private server, you are trusting the owner of whatever service you access not to misuse the information you give it.

    12 years, 51 weeks ago
    Post #121622 Re: Warning: Do not use EOSource or Seose

    :O nice job sausage! thanks to tell us this :)

    ---
    ~~ When life give you pasta, you eat it ~~
    12 years, 51 weeks ago
    Post #121626 Re: Warning: Do not use EOSource or Seose

    Here is a cleaned version of EOSource 1.3 with the backdoor disabled. I don't make any guarantees about it's safety and there may be other such "hidden features".

    Simply extract this zip file, replace EOSource.exe and restart your server.

    12 years, 51 weeks ago
    Post #121627 Re: Warning: Do not use EOSource or Seose

    I've always been a little suspicious of EOSource, thanks for bringing this to light Sausage. I will be switching from Seose to Vodka if I ever need to put up a hangout server again.


    PS: Nice password ;D
    ---
    Want to learn to pixel?
    Pixelsource.org
    12 years, 51 weeks ago
    Post #121628 Re: Warning: Do not use EOSource or Seose
    Cirras posted: (9th Jan 2012, 02:16 am)

    I've always been a little suspicious of EOSource, thanks for bringing this to light Sausage. I will be sticking to Vodka if I ever need to put up a hangout server again.


    PS: Nice password ;D

    I'm glad I never bothered with it even once =p
    Ignorance for the win!

    How exactly did this come about? If Hollow had made this himself shouldn't he be banned or something?
    ---
    Web developer, currently looking for graphic artists / designers.
    12 years, 51 weeks ago
    Post #121629 Re: Warning: Do not use EOSource or Seose

    i agree with you never trust any closed source didn't use eosouce once.

    12 years, 51 weeks ago
    Post #121631 Re: Warning: Do not use EOSource or Seose

    I knew Ele would put a backdoor in EOSource. 

    Sausage: I love you.<3

    12 years, 51 weeks ago
    Post #121632 Re: Warning: Do not use EOSource or Seose

    *switches server back to eoserv*

    ---
    If at first you don't succeed; call it version 1.0
    12 years, 51 weeks ago
    Post #121635 Re: Warning: Do not use EOSource or Seose

    man this forum was great before eo source , thanks dude

    12 years, 51 weeks ago
    Post #121641 Re: Warning: Do not use EOSource or Seose

    Eh told everyone Vodka > Eosource

    ---
    http://www.ctronic.ga
    http://www.tsu.co/Deltro
    https://www.reverbnation.com/deltro9
    12 years, 51 weeks ago
    Post #121643 Re: Warning: Do not use EOSource or Seose
    kodyt posted: (9th Jan 2012, 03:05 am)

    Eh told everyone Vodka > Eosource


    Everything > EOSource
    12 years, 51 weeks ago
    Post #121645 Re: Warning: Do not use EOSource or Seose

    *claps*

    ---
    stay tuned.
    12 years, 51 weeks ago
    Post #121647 Re: Warning: Do not use EOSource or Seose

    now i am 100% that some eosource can know ur id and pass, when i made a new acc in an eo-source server which its id and pass similar to the banned old one , the owner banned after i just got in , however i made a female charcter and my old banned charcter was a male , but i donot know how the owner knew it was me
    the only chance he had is my id and pass.

    12 years, 51 weeks ago
    Post #121649 Re: Warning: Do not use EOSource or Seose
    mahmoud2z5 posted: (9th Jan 2012, 03:15 am)

    now i am 100% that some eosource can know ur id and pass, when i made a new acc in an eo-source server which its id and pass similar to the banned old one , the owner banned after i just got in , however i made a female charcter and my old banned charcter was a male , but i donot know how theowner knew it was me
    the only chance he had is my id and pass.


    uhh an it shows your pc name in the database ... oh an your ip when you connect so it wouldn't be hard for them to know its you with out getting your "user/pass"... derpa fucking derp... 
    ---
    http://www.ctronic.ga
    http://www.tsu.co/Deltro
    https://www.reverbnation.com/deltro9
    12 years, 51 weeks ago
    Post #121654 Re: Warning: Do not use EOSource or Seose
    kodyt posted: (9th Jan 2012, 03:17 am)

    mahmoud2z5 posted: (9th Jan 2012, 03:15 am)

    now i am 100% that some eosource can know ur id and pass, when i made a new acc in an eo-source server which its id and pass similar to the banned old one , the owner banned after i just got in , however i made a female charcter and my old banned charcter was a male , but i donot know howtheowner knew it was me
    the only chance he had is my id and pass.


    uhh an it shows your pc name in the database ... oh an your ip when you connect so it wouldn't be hard for them to know its you with out getting your "user/pass"... derpa fucking derp... 
    1- i was on a proxy
    2- i was on a differnet computer
    3- the fucking owner wont be looking the damn console and the database every min

    12 years, 51 weeks ago
    Page: << 1 2 3 ... 14 15 >>
    Topic is locked.
    EOSERV Forum > Announcements > EO Server Backdoor Warnings