Forum

Please or Register to create posts and topics.

Important Security thing depending on what we use for plugins.

One of the other servers I play on had to be shut down temporarily because of a security problem with Spigot. The problem, which allowed users to login with Admins' names gaining their commands, however, also affects Bukkit and Vanilla servers. It only affected certain versions, and attached is a link to more information.

The damage obviously able to be caused:Damage caused

Extra information as to the problem:

Servers Down Temporarily
by inmcpublic


Links in the first comment.

Yeah, I am aware about this. First thing, we do not use spigot. Second thing, nobody can connect to the server with my name since the server has a special subdomain domain address that is required to login as "uncovery". So faking my account requires you to know that domain name which is a 32 letter random code.

So there is a 1% success chance that someone logs in as another user and griefs them. I am checking daily and waiting for bukkit build 2864 where this will be implemented. I guess we can live with that for some days until this is fixed.

Oh snap Unco! Quite some security.

Btw this is fixed now.

Sent from my HTC One using Tapatalk 4