change-playerlist conflict with /afk in config.yml (BUG)
ProblemsSender opened this issue ยท 11 comments
My config.yml
-
change-displayname: true
-
change-playerlist: true
-
add-prefix-suffix: false
-
add-prefix-in-playerlist: true
-
add-suffix-in-playerlist: true
My plugin
- PermissionsEx, PlugMan, Vault, ProtocolLib, Essentials, EssentialsProtect, EssentialsSpawn, EssentialsChat, EssentialsAntiBuild, AuthMe
My EssentialsX version: v2.15.0.55
I confirm that this bug existed!
1/Enter /nick name it first appears in player list as nickname
2/Waiting it to auto-afk or enter /afk command
3/It might looks like will keep using your nickname to mask the real name, but when you turn off afk
4/It become real name, I also tested it with other player, we can see the real name of player
This bug seems to reported in #1923 , until now it hasn't fixed, maybe we shouldn't use afk function to avoid any exploit until it fixed.
Please don't open duplicate issues. If you can replicate an issue that has already been reported, please respond to that issue.
Closing as a duplicate of #1923.
I found it hasn't fixed, and I also met it so I opening this to ask for some help or bug fix, this bug is not bad with ordinary server, but with server used nickname to mask the real name, it turns to an exploit bug that player can use it to cheat, of course they'll meet the authme plugin to authorize to do something with this account, but I want to lowest the possible information exploit of the player.
But the bug? The bug itself still appear in online mode server, what do you expect?
You haven't explained how this is can be exploited on servers.
In addition, this is a duplicate. Please respond on the original issue.
I did, read this and try to emulate it
1/Enter /nick name it first appears in player list as nickname
2/Waiting it to auto-afk or enter /afk command
3/It might looks like will keep using your nickname to mask the real name, but when you turn off afk
4/It become real name, I also tested it with other player, we can see the real name of player
Read my posted issue above
@ProblemsSender This is a bug. You can set the nickname again and it will go away. This is not an exploit.
With no Authme used and with Offline server, you can enter to the server with that name and take control, it'll success with very low possibility because most of server is using authorize for apparently.
And to fix the bug temporary, I also can reload the server and will still get the same result as yours, but this wouldn't worth the time that we could just turn off the /afk and the any possibility of exploit will not occur again
Nicknames are not used to control access to accounts, user files or anything of the sort. Nicknames simply hide a real username behind another name in chat and the tab list and that's it.
Plugins and the server itself do not know about or understand nicknames. They only use the real username and UUIDs which does not change when the nickname or display name changes.
Even if this exploit was real, this bug has absolutely no impact on it, because all nicknames would suffer the same issue.
Ohhh... So this was misunderstanding, cuz I was related to real username about this bug, not nickname
As you said, I already know that nickname can NEVER be use to control access to accounts, and it's EssentialsX function and absolutely no impact on it.
But it's true if we got the realname exploit, With no Authme used and with Offline server, you can enter to the server with that name and take control, it'll success with very low possibility because most of server is using authorize for apparently.
All I want when keep discussing this is to say that this bug is necessary to be fixed, Any server use Nickname for apparently will face the exploit bug with afk function.
But thank you to make me clear.