Uninformed: Informative Information for the Uninformed

Vol 2» 2005.Sept


Username collisions

As referred to in the previous sub-section, for some time the server allowed Diablo Shareware clients. These clients did not log on to accounts, and instead simply assigned themselves a username. Normal procedures were followed if the username was already in use, which involved appending a serial number to the end to make a unique name. Besides the obvious problem of being able to impersonate someone to a user who was not clever enough to check what game type one was logged on as, this created an additional vulnerability that was heavily exploited in "channel wars". If a server became split from the rest of the network due to load, one could log on to that server using Diablo Shareware, and pick the same name as someone logged on to the rest of the network using a different game type. When the server split was resolved, the server would notice that there were now two users with the same unique name, and disconnect both of them with the "Duplicate username detected." message [3.1]. This could be used to force users offline any time a server split occurred.

Being able to do so was desirable in the sense that there could normally only be one channel operator in a channel at a time (barring server splits, which could be used to create a second operator if the channel was entirely emptied and then recreated on the split server). When that operator left, the next person in line would be gifted with operator permissions (unless the operator had explicitly "designated" a new heir for operator permissions). So, one could "take over" a channel by systematically disconnecting those "ahead of" one's client in a channel [3.2].
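The merge behaviour described above, as an added example that is not from the original article or from the server's own code: a small Python model of two partitions rejoining, comparing the disconnect-both resolution with one assumed alternative in which the account-backed session keeps the name and the self-assigned one receives a serial suffix. The `Session` type, `heal_split`, the policy names and the `#2` suffix format are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    name: str            # display name; unique only within one partition during a split
    authenticated: bool  # False = client self-assigned the name without an account logon
    server: str          # constructed partition label

def heal_split(main, split, policy):
    """Merge two partitions' session lists; return (kept, dropped, renamed)."""
    kept = {s.name: s for s in main}
    dropped, renamed = [], []
    for s in split:
        other = kept.get(s.name)
        if other is None:
            kept[s.name] = s
        elif policy == "prefer_authenticated" and other.authenticated != s.authenticated:
            # Assumed mitigation: the account-backed session keeps the name.
            winner, loser = (other, s) if other.authenticated else (s, other)
            kept[s.name] = winner
            # The loser gets a serial-number suffix instead of a disconnect.
            n = 2
            while f"{s.name}#{n}" in kept:
                n += 1
            new = Session(f"{loser.name}#{n}", loser.authenticated, loser.server)
            kept[new.name] = new
            renamed.append((loser.name, new.name))
        else:
            # Behaviour described in the article: both sessions are disconnected.
            del kept[s.name]
            dropped += [other, s]
    return list(kept.values()), dropped, renamed

# Constructed sample: "Alice" holds an account on the main network; a second
# "Alice" self-assigned the same name on the split server.
MAIN = [Session("Alice", True, "main"), Session("Bob", True, "main")]
SPLIT = [Session("Alice", False, "split"), Session("Carol", True, "split")]

if __name__ == "__main__":
    for policy in ("disconnect_both", "prefer_authenticated"):
        kept, dropped, renamed = heal_split(MAIN, SPLIT, policy)
        print(policy, sorted(s.name for s in kept),
              [(s.name, s.server) for s in dropped], renamed)
```

Under the first policy the account holder loses the session through no action of their own; under the second, a name clash costs the unauthenticated side only its chosen name.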