PT-2025-5636 · Tshock · Tshock

Published: 2025-02-03 · Updated: 2025-02-03

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: TShock (affected versions not specified)
Description: This issue allows a malicious client to connect to a server without completing the connection handshake, occupy a player slot, and receive data from the server even if it is banned. This can lead to harassment, observation, and consumption of server resources. The problem arises because TShock performs its ban check when it receives the Request World Data packet; a malicious client can simply never send that packet and is still allowed to join the server and chat. Other clients are not notified of its join/leave but can see it on the player list, which can be used for chat spam and for observing the packets of players on the server.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
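To make the root cause concrete, the following is an added, simplified model of the flaw (constructed for this record; it is not TShock's code and the class, method and player names are assumptions). The vulnerable server performs its ban check only inside the Request World Data handler, so a banned client that never sends that packet keeps its slot and can chat; the hardened variant checks the ban list at connect time and rejects every gameplay packet until the handshake has completed.

```python
from dataclasses import dataclass, field

BANNED = {"mallory"}  # constructed ban list for the model


@dataclass
class Client:
    name: str
    handshake_done: bool = False


class VulnerableServer:
    """Ban check lives only in the Request World Data handler (the flawed pattern)."""

    def __init__(self):
        self.players = {}   # slot is handed out before any authorization
        self.chat_log = []

    def connect(self, name):
        client = Client(name)
        self.players[name] = client
        return client

    def handle_request_world_data(self, client):
        if client.name in BANNED:          # the only place the ban list is consulted
            del self.players[client.name]
            return False
        client.handshake_done = True
        return True

    def handle_chat(self, client, message):
        if client is None or client.name not in self.players:
            return False
        self.chat_log.append((client.name, message))
        return True


class HardenedServer(VulnerableServer):
    """Authorize at connect time and refuse packets from unfinished handshakes."""

    def connect(self, name):
        if name in BANNED:                 # reject before a slot is occupied
            return None
        return super().connect(name)

    def handle_chat(self, client, message):
        if client is None or not client.handshake_done:
            return False
        return super().handle_chat(client, message)


def simulate(server_cls, name, skip_world_data):
    """Return (chat_accepted, slot_occupied) for a client that may skip the handshake."""
    server = server_cls()
    client = server.connect(name)
    if client is not None and not skip_world_data:
        server.handle_request_world_data(client)
    return server.handle_chat(client, "hello"), name in server.players
```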

Weakness Enumeration: Improper Authorization

Related Identifiers: GHSA-F8MX-CWFH-7HR2

Affected Products: Tshock