AuthMe Reloaded

AuthMe Reloaded

3M Downloads

Exploit: CoreProtect has no exclusion list for command logging.

DeusNinja opened this issue ยท 1 comments

commented

Is there currently no way to create an exclusion list for core protect's command logging. Server's running core protect where staff have access to "/co lookup action: command" may view logged login/register commands with visible passwords.

The plugin is currently logging /login, /l and /register, /reg commands with user's passwords visible on the /co lookup action: login to find the cords of where the command was ran then again /co lookup action: command to see user's login password.

javaw_KZbdBaZffJ

I also created an open issue on the coreprotect github for this as well. PlayPro/CoreProtect#25

commented

All we can do is to make sure authme commands are in the coreprotect command blacklist file