FF Logo
Hello Guest | Login | Register
Join us on Discord!
Latest reviews
· RF1 Russian Translation Pac... 
Reviewed by Uzbek

· Crook$ And C@stles 
Reviewed by MysticaL-AceR

· RFU5 - Midwich V5 
Reviewed by dvl_iac

· Br@in$can 
Reviewed by dvl_iac

· DM_C@nnonBaLLzZz 
Reviewed by dvl_iac

· Halloween Pumpkins 1.1 
Reviewed by dvl_iac

· RF Manor 
Reviewed by kerpal

· WMP-Rocky Horror 
Reviewed by kerpal

· RFU5 - Midwich V5 
Reviewed by kerpal

· Catacomb 
Reviewed by Mikelice

· Cyrus Cio Park 2 
Reviewed by Mikelice

· SWA Ghost House 
Reviewed by Mikelice

· WMP-Rocky Horror 
Reviewed by Mikelice

· RFU5 - Midwich V5 
Reviewed by Mikelice

· Ascension Reg 
Reviewed by Mikelice

Who's online?
0 users and 104 guests
The FactionFiles forums are archived. Please join the community on our Discord for all Red Faction discussions.
Pages: [1]
Users Avatar
Goober
Posts: 295
Joined: September 11, 2009, 19:58

and like this
(Y)

Posted: July 31, 2019, 22:50 Post #1
Please be advised that the unofficial Gold update/addon for Pure Faction has been removed from Faction Files, and we highly recommend everyone against using it. Furthermore, if you have run this unofficial update/addon on your system, the potential exists that your system may be compromised. This includes any servers that are currently or have ever run Gold.

This action has been taken quickly following in-depth security analysis of the PF Gold addon by rafalh.

rafalh's analysis produced direct evidence of the presence of multiple "backdoors" in PF Gold which allow:
1. The developer of PF Gold to attack systems running Gold by remotely running commands (including arbitrary code) without the knowledge of that system's owner
2. Anyone to change the names of players in PF Gold servers without authentication (as shown in the screenshot below)
3. Anyone to teleport other players in PF Gold servers without authentication
4. Anyone to spawn items in PF Gold servers without authentication
5. Anyone to make sounds play in PF Gold servers without authentication
6. Anyone to reveal the true IP addresses of players in PF Gold servers without authentication

In response to his development and distribution of software which is by definition malicious and potentially harmful to community members, PF Gold's developer has been banned from this community.

The Faction Files administrators would like to thank rafalh for his research and detailed analysis of these vulnerabilities.

NOTE: Neither vanilla Pure Faction, nor Dash Faction are affected by these security issues - they apply only to the unofficial PF Gold addon. Please visit http://redfaction.help to compare and download custom versions of Red Faction (and find resolutions to common issues you may encounter).

Posted Image

The FactionFiles forums are archived. Please join the community on our Discord for all Red Faction discussions.
Pages: [1]

© 2009-2024 FactionFiles