[5.6] permissions issue. Theft issue


  • After some brief testing my friend and I noticed a major flaw. I had access to his research table via whitelist and I went to the storage tab to move items into my inventory to move to the research table. The items in question was wood, I could not access his stockpile directly but I could move items from it's storage page to my inventory when accessed through a research table.

    I did some testing with his store, it must be set to public or white list with the people you wish to sell to in order to trade. I could access his store chest via the storage tab and take things. This is a huge issue from our perspective. I'm going to try to do this with a 3rd party and verify


  • 3
    Posts
    441
    Views
    Log in to reply


  • I confirmed with some random person's store. I was able to access their storage and remove items. (don't worry I put them back)



  • After a bit more testing we have discovered that if the store is the only thing that is public (or whitelisted with my name) there is no issue, if I am allowed access to the research table (public or whitelisted with my name added) I could get into his storage containers.


3
Posts
441
Views
Log in to reply

Internal error.

Oops! Looks like something went wrong!