[BDS-1336] Achievements can be unlocked through console

Description
This is a pretty big exploit I came across yesterday while trying out the server. When a player is made op they can't change their game mode or use the give command if cheats are off. That is normal expected behavior. Now through the console, the game mode of a player can be changed and it won't affect the "cheat" status. The player can then proceed to get materials for the achievements.

Steps to replicate:

Change player game mode to creative
Get material (wheat for example)
Complete the task to get the achievement (craft some bread with the wheat).

Possible Fix for Exploit:
I saw that there is a command to toggle cheats on the server. I think a possible fix would be to prompt the person running the server to enable cheats when they try to do commands like gamemode or give (any command that is considered cheating). Could be a yes or no prompt similar to how its shown when adding cheats to a world. That way cheat commands can only run if there they accept.

Linked Issues

is duplicated by8

BDS-5861Command exploitDuplicate

BDS-7112Achievements still are allowed despite the server granting you privileges Duplicate

BDS-9553Unlock achievements without working for themDuplicate

BDS-10222cheating achievements Duplicate

BDS-16994Server console able to use cheats when cheats is disabledDuplicate

BDS-18464Cheat Commands can be Used in the Terminal Despite World SettingsDuplicate

MCPE-135947Earn Achievements in Creative ServerDuplicate

MCPE-176631A way to get achievement in bedrock with cheats on Duplicate

relates to1

MCPE-87449Achievements can be enabled in Creative modeIncomplete

Comments5

[Mod] OcelotOnesie 2021-07-19, 01:29:05 AM

Restricted to staff

MEQS_KEEP_PRIVATE

[Mod] Greymagic27 2024-01-04, 06:54:45 PM

Is this still an issue for you in the latest release?

Manuel O. 2024-01-04, 10:28:22 PM

This is still the case. I just downloaded the latest version of the software and ran it. Once I joined, I gave myself creative mode via the console without enabling cheats. I got obsidian, diamond, and book from creative menu. Then I change my game mode back to survival via the console. Afterwards in came I craft an enchanting table and got the enchanter achievement.

[Mod] Jarl-Penguin 2024-06-25, 12:21:07 AM

I was able to unlock the "Careful restoration" achievement while still being in Creative mode.

Manuel O. 2024-06-25, 05:29:25 PM

Thank you for updating my description. I noticed that behavior the last time I checked if the exploit was still around. It's doesn't seem to matter what gamemode as long as the task is completed.

History31

IonicEcko 2020-06-21, 05:32:02 AM

Added is duplicated by link:
BDS-5861Command exploitDuplicate

[Bot] Arisa 2020-06-21, 05:32:10 AM

Added affects versions: 1.14.60

IonicEcko 2020-06-21, 05:32:18 AM

Added Confirmation Status: Confirmed

Changed environment:

Running it on windows 10

I don't know how to find the server version. I downloaded the software from the website yesterday so its the one that supports the latest version of bedrock.

Removed affects versions:

IonicEcko 2020-06-21, 05:32:28 AM

Removed environment:

IonicEcko 2020-07-07, 07:37:01 AM

Added is duplicated by link:
BDS-7112Achievements still are allowed despite the server granting you privileges Duplicate

[Bot] Arisa 2020-07-07, 07:37:08 AM

Added affects versions: 1.16.1

IonicEcko 2020-07-26, 09:28:14 AM

Added relates to link:
MCPE-87449Achievements can be enabled in Creative modeIncomplete

IonicEcko 2020-11-01, 08:20:29 AM

Added is duplicated by link:
BDS-9553Unlock achievements without working for themDuplicate

[Bot] Arisa 2020-11-01, 08:20:39 AM

Added affects versions: 1.16.40

IonicEcko 2020-12-09, 05:28:04 AM

Added is duplicated by link:
BDS-10222cheating achievements Duplicate

[Mod] OcelotOnesie 2021-07-19, 01:28:22 AM

Added is duplicated by link:
MCPE-135947Earn Achievements in Creative ServerDuplicate

[Mod] OcelotOnesie 2021-07-19, 01:28:53 AM

Added affects versions: 1.17.10

[Mod] OcelotOnesie 2023-06-18, 01:36:58 PM

Added is duplicated by link:
BDS-18464Cheat Commands can be Used in the Terminal Despite World SettingsDuplicate

[Bot] Arisa 2023-06-18, 01:37:00 PM

Added affects versions: 1.20.0

[Mod] OcelotOnesie 2023-11-03, 11:43:29 AM

Added is duplicated by link:
MCPE-176631A way to get achievement in bedrock with cheats on Duplicate

[Mod] Greymagic27 2024-01-03, 07:21:02 PM

Resolution: Unresolved → Awaiting Response

[Mod] Greymagic27 2024-01-04, 06:54:43 PM

Deleted comment:

Is this still an issue for you in the latest release?

[Mod] Greymagic27 2024-01-04, 07:07:19 PM

Added is duplicated by link:
BDS-16994Server console able to use cheats when cheats is disabledDuplicate

[Bot] Arisa 2024-01-04, 10:28:28 PM

Resolution: Awaiting Response → Unresolved

[Mod] Greymagic27 2024-01-04, 10:54:30 PM

Added affects versions: 1.20.51

[Mod] Jarl-Penguin 2024-06-25, 12:19:57 AM

Added affects versions: 1.21.1

[Mod] Jarl-Penguin 2024-06-25, 12:21:39 AM

Changed description:

Description

This is a pretty big exploit I came across yesterday while trying out the server. When a player is made op they can't change their game mode or use the give command if cheats are off. That is normal expected behavior. Now through the console, the game mode of a player can be changed and it won't affect the "cheat" status. The player can then proceed to get materials for the achievements. If the player can only get the achievement while completing the task in survival.

Steps to replicate:

Change player game mode to creative
Get material (wheat for example)
Change the player gamemode back to survival
Complete the task to get the achievement (craft some bread with the wheat).

Possible Fix for Exploit:

I saw that there is a command to toggle cheats on the server. I think a possible fix would be to prompt the person running the server to enable cheats when they try to do commands like game mode or give (any command that is considered cheating). Could be a yes or no prompt similar to how its shown when adding cheats to a world. That way cheat commands can only run if there they accept.

Description
0This is a pretty big exploit I came across yesterday while trying out the server. When a player is made op they can't change their game mode or use the give command if cheats are off. That is normal expected behavior. Now through the console, the game mode of a player can be changed and it won't affect the "cheat" status. The player can then proceed to get materials for the achievements.

Steps to replicate:

Change player game mode to creative
Get material (wheat for example)
Complete the task to get the achievement (craft some bread with the wheat).

Possible Fix for Exploit:
0I saw that there is a command to toggle cheats on the server. I think a possible fix would be to prompt the person running the server to enable cheats when they try to do commands like gamemode or give (any command that is considered cheating). Could be a yes or no prompt similar to how its shown when adding cheats to a world. That way cheat commands can only run if there they accept.