  1. Minecraft: Java Edition
  2. MC-267614

server 1.20.4 was hacked

    • Type: Bug
    • Resolution: Invalid
    • None
    • 1.20.4
    • None
    • Ubuntu 22.04
    • Unconfirmed
    • (Unassigned)

      I deployed Minecraft 1.20.4 on a new server, disabled the official authentication but enabled the whitelist system. However, the server was still hacked. By checking the logs, it appears that the hacker first tried to log in with an unknown ID, which was denied access by the whitelist system. Then, they directly logged in using an account with administrator privileges.

      The suspected critical vulnerability: there might be a vulnerability in the server that allows the hacker to obtain all player IDs. The hacker then bypasses the authentication and logs in using the player IDs.

            Assignee: Unassigned
            Reporter: longt