[HL2DM] [ZPS] Bad Rcon Password can Crash the Server

[ghost]

If you go to the console, and type

rcon_password "123"

and then type something like

rcon status

It will get a wrong password error, but, if you insist and keep sending the command after all atempts, you will be kicked with a message that you have been banned, but however, you are not banner and the server crashes.

Tested on ZPS and HLD2M, i think it happens to all source games though

[voided]

Can you confirm that the actual server process crashes?

Failing rcon password checks over a certain limit (see sv_rcon_maxfailures) leads to the offending IP being banned, which can make it seem that the server is offline when it's simply dropping packets from the banned address.

[fuckpaypal]

I wasn't able to reproduce this.

[Pricetx]

I wasn't able to re-produce this either, is he just referring to listen servers? As I imagine they would probably stop running if the host got banned.

[ghost]

Strange, i was saying about dedicated servers, look, even on a simply google search about it you can see many people suffering from this:

https://www.google.com.br/search?q=bad+rcon+password+crash+server&oq=bad+rcon+password+crash+server&aqs=chrome..69i57j69i61.7341j0&sourceid=chrome&ie=UTF-8&qscrl=1

I just reproduced it now on ZPS (Zombie Panic Source)

[Pricetx]

Hmm, assuming you've been attempting this exploit on your own server, could you provide specs and OS? Also, any mods / plugins would be useful to know.

[CutieRin]

just had a friend try this on my srcds css dedicated server and server didn't crash but he got ip banned and wasnt able to see the server, so you were just being blocked from seeing the server, like voided had explained

[ghost]

Well, i just checked here and ZPS is using orangebox engine (even on steampipe), perhabs this bug it's fixed on steampipe engine?

[alfred-valve]

Sounds like this is ZPS specific and not covered by this tracker, chase this down with the ZPS team.