Exploit: CoreProtect has no exclusion list for command logging.
DeusNinja opened this issue ยท 1 comments
Is there currently no way to create an exclusion list for core protect's command logging. Server's running core protect where staff have access to "/co lookup action: command" may view logged login/register commands with visible passwords.
The plugin is currently logging /login, /l and /register, /reg commands with user's passwords visible on the /co lookup action: login to find the cords of where the command was ran then again /co lookup action: command to see user's login password.
I also created an open issue on the coreprotect github for this as well. PlayPro/CoreProtect#25