Security holes

Post by **Edge100x** » Sat Jan 11, 2003 9:49 pm

Last night it became known that there is a major problem with HLDS that leads to easy security compromises through such addons as StatsME, AdminMod, and ClanMod. These compromises generally require someone to have rcon-level access (either directly or through the mod), although that's not always the case. Currently it is being recommended on several news sites to set your rcon_password to "" so that users with rcon cannot use it against the server; this does not entirely fix the problem, but you may want to do it as a stopgap.

As soon as Valve releases a security update to HLDS, we will be loading it onto all the servers.

[MiD]Arcticman-TPF- · Tue Jan 14, 2003 12:52 pm

Are you saying this opening is only for people with rcon?

Post by **Edge100x** » Tue Jan 14, 2003 5:22 pm

Most of the security holes require the use of rcon, yes.