Impact
Originally reported in iTXTech/Genisys#1188
PotterHarry98
potterharry98
deop PotterHarry98
will remove potterharry98 from the ops.txt but not PotterHarry98.
Operator permissions are checked using Config->exists() with lowercase=true, which will result in a match:
This means that it's possible to make yourself impossible to de-op (using commands) by adding your name to ops.txt with uppercase letters.
Patches
4d37b79
Workarounds
This can be easily addressed by removing the offending lines from ops.txt manually.
For more information
If you have any questions or comments about this advisory:
Impact
Originally reported in iTXTech/Genisys#1188
deop PotterHarry98will remove
potterharry98from the ops.txt but notPotterHarry98.Operator permissions are checked using
Config->exists()withlowercase=true, which will result in a match:PocketMine-MP/src/utils/Config.php
Line 449 in 22bb1ce
This means that it's possible to make yourself impossible to de-op (using commands) by adding your name to ops.txt with uppercase letters.
Patches
4d37b79
Workarounds
This can be easily addressed by removing the offending lines from ops.txt manually.
For more information
If you have any questions or comments about this advisory: