[SECURITY BUG] Unauthorized Creative / Dev-Level Access on Non-Creative Dedicated Server

Happivaje

Refugee
Version: 2.5(32)
Platform: Windows
Summary:

Two external players gained access to Creative / Dev-level functionality on a non-creative dedicated server without being granted admin rights. This is confirmed by server logs and should not be possible.

Server setup:

Dedicated server, Creative OFF, no admin tools enabled at time of incident, crossplay enabled (Steam + EOS + EAC).

Offending players (NOT admins):

  • insegt
    SteamID: 76561198996443610
    EOS ID: EOS_00024ff69acd4a259a64d075e34ec50d
    IP: 38.57.237.8
    Auth: Steam OK / EOS OK / EAC OK
  • LIsland (also seen as lland / Lsland)
    SteamID: 76561198350780269
    EOS ID: EOS_0002d01c5f974a7cb53f61f6e6a685ef
    Auth: Steam OK / EOS OK / EAC OK

NOT involved (legitimate admins):

Snalle, HappiVaje, Izqu — confirmed by logs, different SteamIDs/IPs. Admin tools were enabled only after the incident for investigation.

Timeline (from logs):

  • 2026-02-03 ~16:21: insegt logs in via normal authentication path
  • ~16:22: LIsland joins
  • Both players perform Creative / Dev-level actions despite having no admin permissions
  • Behavior observed before any admin tools were enabled
  • Server was manually shut down by owner to prevent further impact

Why this is not admin error:

Creative disabled, no permissions granted, no overlap with admin logins, unauthorized actions occurred prior to admin tool usage.

Why this is a security issue:

Normal user authentication resulted in access to restricted dev/creative functionality. Indicates permission leakage or unintended authorization path (possibly EOS/crossplay related).

Attachments:

Full server logs included (timestamps preserved).

Request:

Please escalate to dev/security team to review creative/dev permission gating and authorization boundaries.

Log(files) in this post

— Server Admin Team

Reproduction Steps: [SECURITY BUG] Unauthorized Creative / Dev-Level Access on Non-Creative Dedicated Server
Link to Logs: https://jpst.it/4RD_0
Link to Screenshot/Video: https://youtube.com/@sweepersincgaming?si=IPbwwo5_u_yiI4BD
Attachments:
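As an added illustration (not part of the report above and not the game's own tooling), a small Python check that applies the report's reasoning to a server log: it flags every Creative / Dev-level action by a SteamID outside the admin set and records whether the action predates the moment admin tools were enabled. The log line format, the admin SteamID and the sample lines are all constructed assumptions; only the two player SteamIDs come from the report.

```python
import re
from datetime import datetime

# Constructed sample log in an ASSUMED "timestamp INF message" shape.
# This is not the real server log format; only the two SteamIDs are from the report.
SAMPLE_LOG = """\
2026-02-03T16:21:05 INF Player connected: name=insegt steamid=76561198996443610 auth=Steam:OK/EOS:OK/EAC:OK
2026-02-03T16:22:10 INF Player connected: name=LIsland steamid=76561198350780269 auth=Steam:OK/EOS:OK/EAC:OK
2026-02-03T16:24:30 INF Creative action: steamid=76561198996443610 action=spawn_item
2026-02-03T16:25:02 INF Creative action: steamid=76561198350780269 action=fly
2026-02-03T16:40:00 INF Admin tools enabled by steamid=76561198000000001
2026-02-03T16:41:15 INF Creative action: steamid=76561198000000001 action=spawn_item
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) INF (?P<msg>.*)$")
ACTION_RE = re.compile(r"Creative action: steamid=(?P<sid>\d+) action=(?P<act>\w+)")
ADMIN_ON_RE = re.compile(r"Admin tools enabled")


def find_unauthorized(log_text, admins, creative_enabled=False):
    """Return (timestamp, steamid, action, before_admin_tools) tuples for
    creative/dev actions that should have been impossible: Creative is OFF,
    the actor is not in the admin set, and (as a separate flag) the action
    happened before admin tools were first enabled in this log."""
    if creative_enabled:
        # With Creative ON the actions are expected, so there is nothing to flag.
        return []
    admin_tools_on_at = None
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed shape
        ts = datetime.fromisoformat(m["ts"])
        msg = m["msg"]
        if admin_tools_on_at is None and ADMIN_ON_RE.search(msg):
            admin_tools_on_at = ts  # first time admin tooling was switched on
            continue
        a = ACTION_RE.search(msg)
        if a and a["sid"] not in admins:
            before_admin = admin_tools_on_at is None or ts < admin_tools_on_at
            findings.append((ts.isoformat(), a["sid"], a["act"], before_admin))
    return findings


if __name__ == "__main__":
    for hit in find_unauthorized(SAMPLE_LOG, admins={"76561198000000001"}):
        print("UNAUTHORIZED creative action:", hit)
```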

Unfortunately, anti-cheat is always a "catch new exploit, patch, catch new exploit (...)", and this relies on EAC. However, your Telnet traffic is rather suspicious and I conjecture it is the attack vector. I suggest using something like PuTTY and disabling Telnet if you need remote access.
The server is hosted on Nitrado (dedicated / crossplay), which is a managed platform and should not leak access without a fault in the infrastructure or integration. Telnet settings have not been modified, ports remain at default, and no third-party tools or software have been installed. All management is done through Nitrado’s web panel, which requires login via their website and uses HTTPS with third-party certificates.


If unauthorized access occurred, it is unlikely to be caused by server misconfiguration and more likely stems from a platform-level issue, a possible exploit in the Nitrado integration, or an unforeseen vulnerability in the game server itself. This cannot be reproduced by altering Telnet or any local settings, and it does not indicate user error.


As someone with knowledge of networking and game design, my insight ends here, since even with better settings I cannot inspect what’s happening on Nitrado’s side. So, wherever some leftover code or issue might be, it’s beyond my view. Would you consider looking into this? Thanks in advance ☺️

Ah okay, that makes more sense then with Telnet, but it definitely is very... unusual from what I see in the logs. Telnet can be sniffed, which could lead to credential stealing. But, more likely it's a case of an EAC bypass exploit, which would be on EAC. Sadly, as I said, no anti-cheat is perfect and each one has ways cheaters exploit to bypass. I can take a look at code, but (not to repeat myself here 🫠) EAC is put in place to prevent such things, but there are plenty of "dark side of the internet" places where you can get a bypass exploit for anti-cheat software for "reasonable" prices.

My suggestion for now is to whitelist your server, or put a password on it. After a little while they will move on and you can remove the password.