- Bug
- Resolution: Invalid
- None
- 1.20.4
- None
- Ubuntu 22.04
- Unconfirmed
- (Unassigned)

I deployed Minecraft 1.20.4 on a new server, disabled the official authentication but enabled the whitelist system. However, the server was still hacked. By checking the logs, it appears that the hacker first tried to log in with an unknown ID, which was denied access by the whitelist system. Then, they directly logged in using an account with administrator privileges.
The suspected critical vulnerability: there might be a vulnerability in the server that allows the hacker to obtain all player IDs. The hacker then bypasses the authentication and logs in using the player IDs.