SS3D icon indicating copy to clipboard operation
SS3D copied to clipboard
verified publisher icon RE-SS3D

CmdRunInteraction insecure parameter

Open Alainx277 opened this issue 5 years ago • 0 comments

Summary

CmdRunInteraction executes an interaction on the server, validating the possibility of this interaction given a Ray. This is supposed to prevent interactions with components invisible to the player (as stated in the comments).

Current Behavior

The ray passed to this command by the client code is a ray from the camera to the click position. While this works as expected in normal play, an attacker could pass an arbitrary Ray, even in invisible areas. This allows interactions which should not be possible.

Expected Behavior

The server should make sure the Ray is correct or create some other invisibility check.

Possible Solution

A potential solution is to have a piece of code which calculates the intended camera position (which can be used on the client and server) and use this position instead of a ray provided by the client. This makes sure the performed raycast actually checks for invisible objects.

Alainx277 avatar May 09 '20 14:05 Alainx277