Image
Interordi Menu
Page
: 1
darkfact
Contributor
Lil' metool
Inactive
1 post
4 September 2013 at 20:22
Quote

Just saw this today - thought I'd post on the forum as it is a rather large security hole. Apparently an authentication bug has been discovered in Vanilla that potentially allows users to log in as any player (i.e. admin, etc.) They tracked the issue down and put out an update today (9/4) for Bukkit to address the issue.

http://www.reddit.com/r/admincraft/comments/1llt2h/craftbukkit_fix_for_authentication_exploit/

http://www.planetminecraft.com/blog/psa-server-exploit-discovered-update-immediately/

kagato
Contributor
Superstar!
Offline
316 posts
Squid beaker
Squid beaker
Earned all 150 original CL achievements
Acquired on 17 January 2016
 100 credits
100 credits
Acquired on 1 April 2014
 150 credits
150 credits
Acquired on 1 April 2014
4 September 2013 at 20:25
Quote

And just realized I posted this under the wrong user - registered a second account this morning as I own two Minecraft accounts :)

Chuck Norris doesn't need garbage collection because he doesn't call .Dispose(), he calls .DropKick().

Staff Backer Doctacosa
Admin
SciLab Official
Benevolent Dictator
Offline
6437 posts
Princess Celestia
Princess Celestia
Got all items in the AFD2012 event!
Acquired on 1 April 2012
 Squid beaker
Squid beaker
Earned all 150 original CL achievements
Acquired on 17 January 2016
 Unity.EXE emblem
Unity.EXE emblem
Defeat Bass.EXE in the AFD2013 event!
Acquired on 1 April 2013
 Zenny
Zenny
Unlock all of the main forum features!
Acquired on 1 April 2014
 Lilly Satou
Lilly Satou
Acquired on 1 April 2012
... and 25 more
5 September 2013 at 1:18
Quote

Thanks for the report!

There's no stable update from Bukkit available at this point, and since this exploit is one difficult to pull off, I'll hold off on updating. Jumping over to a mostly untested release is more likely to cause problems than a low-probability security hole.

I'll keep an eye out for further updates.

The admin formerly known as Dr. Cossack.

Looking for me elsewhere? Maybe look at my Fediverse account for some more-or-less random postings! If you're a gamer, check out my Osmium profile. I'm building that tool!

Staff Backer Doctacosa
Admin
SciLab Official
Benevolent Dictator
Offline
6437 posts
Princess Celestia
Princess Celestia
Got all items in the AFD2012 event!
Acquired on 1 April 2012
 Squid beaker
Squid beaker
Earned all 150 original CL achievements
Acquired on 17 January 2016
 Unity.EXE emblem
Unity.EXE emblem
Defeat Bass.EXE in the AFD2013 event!
Acquired on 1 April 2013
 Zenny
Zenny
Unlock all of the main forum features!
Acquired on 1 April 2014
 Lilly Satou
Lilly Satou
Acquired on 1 April 2012
... and 25 more
12 September 2013 at 0:54
Quote

The Bukkit update I was waiting for was released yesterday, and I installed it this morning. We're now protected!

The admin formerly known as Dr. Cossack.

Looking for me elsewhere? Maybe look at my Fediverse account for some more-or-less random postings! If you're a gamer, check out my Osmium profile. I'm building that tool!

 
Page
: 1