Sign in to follow this  
bdew

Steam authentication can be bypassed by an exploit

Recommended Posts

I've found a bug that allows fully bypassing steam authentication and logging into any server with any SteamID.

 

For obvious reasons i'm not posting any details here, but i have a working client mod that exploits this and i've successfully tested it on both current and beta version test server.

 

I've PMed the full details including source code for the working exploit to @ErikN, any other staff member is welcome to PM me to get a copy :P

  • Like 2

Share this post


Link to post
Share on other sites

 

 

theres only one server to my knowledge that has patched steam id spoofing, iirc they did send the details to the developers but i haven't heard anything about it since then. Nor has it been mentioned in patch notes. (This was about a month ago btw)

Share this post


Link to post
Share on other sites
1 hour ago, akaedis said:

theres only one server to my knowledge that has patched steam id spoofing, iirc they did send the details to the developers but i haven't heard anything about it since then. Nor has it been mentioned in patch notes. (This was about a month ago btw)

 

I don't think this can be fully fixed without a protocol change that would break backwards compatibility, at least for cluster setups. I might be able to do a fix for single servers, but i'll wait for a few days for the devs to hopefully respond before releasing it, as it would be pretty easy to figure out the exploit once you see the fix.

Share this post


Link to post
Share on other sites

Yeah this is quite serious. 

Edited by Sklo:D

Share this post


Link to post
Share on other sites

I've heard back from the devs and they are working on an official fix for this.

Edited by bdew
  • Like 1

Share this post


Link to post
Share on other sites

The Developers appreciate the report, and yes a fix is planned very soon.

  • Like 1

Share this post


Link to post
Share on other sites

I hope there is also a fix coming for the steam  Authentication  check issue as well.

Share this post


Link to post
Share on other sites

The problem with it is that with forced Steam authentication, it doesn't allow us to multi-box. In a single player environment, it's going to get pretty boring just playing 1 character by yourself. Not much chance of becoming a priest with no follower.

Share this post


Link to post
Share on other sites

I multi box a ton of us do you need to read more threads.

There are ways to multi box in WU on steam.

Share this post


Link to post
Share on other sites

I am hoping they add the ability to Ban by SteamID while they are making the fix.

Share this post


Link to post
Share on other sites

Ugh.. did this break the game giving us the "Duplicate Authentication" error many are now getting?

All I want is to be able to get back on my horse and ride the the White Light to become a priest. Terrible lag last night and after leading my horse

across the river I could not 'ride' him. I tried a game reboot hoping it would defeat the lag monster and let me see if he was really there or back across the river...

Worst mistake I ever made. Game won't let me back in, "No Soup for YOU!" <Duplicate authentication> ..most obnoxious comment from a game to a player I have experienced. Just rubbed the salt in the wound!

 

 

HELP!!!!!!!!!!!!!!!!!!!!!!!!

Share this post


Link to post
Share on other sites

Correct.

 

The newest patch has rendered many Wurm Unlimited players unable to play due to the new bug. Code Club has gone down hill significantly, it's unfortunate. 

Share this post


Link to post
Share on other sites

Are people running into this issue using my SteamFix mod by chance? Try disabling it, as i posted in that thread it's currently not doing anything useful, and i have a suspicion it might be making this problem worse :unsure:

Share this post


Link to post
Share on other sites
2 hours ago, bdew said:

Are people running into this issue using my SteamFix mod by chance? Try disabling it, as i posted in that thread it's currently not doing anything useful, and i have a suspicion it might be making this problem worse :unsure:

Nope I run a Vanilla server no mods and this is happening to a lot of people.

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this