Re: [MobProg] Major Security Hole!!!

From: Davies, Nathan (DaviesN@AECL.CA)
Date: 10/08/97

>Using this, an imm could force a mob to mpforce you to change your
>password, advance them to implementor level, demote yourself, or anything
>else they desire.
>To fix this, just put a check if the victim of an mpforce (if using
>ROM2.4-MobProgs, mpvforce and mpgforce also) is an imm.
>- Chris Jacobson
I think a better fix would be to delete the imm, and since you have
access to your own files, set your level again...or for that matter, you
should already have a way of making yourself imp with a command that no
one else can use, THEN fix the code :)

>Nathan Davies,

     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | |

This archive was generated by hypermail 2b30 : 12/08/00 PST