[BUGREPORT] [HIGH PRIORITY] "Offline Mode" Server Hijack

Discussion in 'Bukkit Help' started by Raklatif, Aug 1, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    Raklatif

    Previous Thread randomly closed by mbaxter.​
    why was it closed? you simply didnt even fucking read through it, and assume that i havent bought the game. and told me to "buy the game" and locked the thread.
    if you actually read the thread, you would see that i have already bought the game long time ago, and all i was doing is having my own server in offline mode to allow new people to the whole minecraft scene to experience the game for an hour before deciding if they would like to purchase it.​
    Notice to all server owners, if you have offline mode running to allow cracked clients to join your server is EXTREMELY vunerable. (even if you get a login / authentication plugin)

    this needs to be patched IMMEDIATELY.

    Users can join with a "/" prefix into their name to use any authenticated administration account.

    for example, "John" is an admin or OP.

    if a user joins as "/John" he will get ALL the rights of "John"

    PLEASE PATCH THIS ASAP.

    (and no, im not supporting "Cracking" but i have legit minecraft, and have my server as a pvp server for some users who want to try out the game. I already have made two of my players purchase the game :)
     
  2. Offline

    Snipes01

    Because Bukkit does not at all support offline mode servers. This thread will probably be locked as well.

    If you run an offline mode server you open yourself for attack. lol
     
  3. Offline

    Necrodoom

    offline mode server which nonpremium people can join = CRACKED
    get the point already. you arent going to get help.
     
  4. Offline

    TnT

    Of course you can hijack offline mode servers. That's because there is no authentication done on them that is of any value.

    Locked. Again. No support for offline mode servers can be given due to inherit security flaws (which lead to posts like these). If you want to fix that, run online-mode=true.

    Nothing can be "fixed". Its already "fixed" by using online-mode=true.
     
    afistofirony likes this.
  5. Offline

    resba

    Sorry TnT for posting after the lock but..

    Raklatif in the future, perhaps you should try submitting things that you classify as a "Bug Report" to our Bug Tracker, Leaky.
     
Thread Status:
Not open for further replies.

Share This Page