citizenfx/cfx-server-data

Make chat get the author username serverside

storm37000 opened this issue · 2 comments

Major security issue that modders are exploiting: they can impersonate any username by just sending that username, since you trust them to provide that data properly.

No. It's not even a 'security issue', it's a by-design API feature.

I'm talking about where in the chat window and the console it gets the string for who sent the message. I've actually seen hackers use this to make it fully appear that somebody else was saying things they weren't. This has nothing to do with the API, this is an issue with the chat resource. I've already patched this security hole on my server, let me know if you want a PR.
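
What the issue title asks for, sketched as an added example (not code from this thread, from storm37000's patch, or from the chat resource itself): the server ignores any client-supplied author and resolves the name from the sending connection. The event names `example:chatSubmitUnsafe`, `example:chatSubmit` and `example:chatDeliver` and the `MAX_LEN` limit are hypothetical; `RegisterNetEvent`, `AddEventHandler`, `TriggerClientEvent`, `GetPlayerName` and the `source` global are the FiveM server scripting API.

```lua
-- Server-side script. Event names are hypothetical placeholders.

-- Pattern described in the issue: the author string is an event argument,
-- so whatever the client sends is displayed as the sender.
RegisterNetEvent('example:chatSubmitUnsafe')
AddEventHandler('example:chatSubmitUnsafe', function(author, message)
    TriggerClientEvent('example:chatDeliver', -1, author, message)
end)

-- Hardened form: the client sends only the message text.
local MAX_LEN = 256 -- constructed limit for this example

RegisterNetEvent('example:chatSubmit')
AddEventHandler('example:chatSubmit', function(message)
    -- `source` is set by the runtime to the ID of the client that
    -- triggered the event; copy it before doing anything else.
    local src = source

    -- Treat the payload as untrusted input.
    if type(message) ~= 'string' or message == '' or #message > MAX_LEN then
        return
    end

    -- Resolve the display name from the connection, not from the payload.
    local author = GetPlayerName(src)
    if not author then
        return -- sender is no longer connected
    end

    -- Console line and chat window both use the server-resolved name.
    print(('[chat] %s (id %s): %s'):format(author, tostring(src), message))
    TriggerClientEvent('example:chatDeliver', -1, author, message)
end)
```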