[BDS-18345] BDS user impersonation exploit

Dangerous exploit with which players can log into someone else's account on the server and use OP

Exploit GitHub link

Environment

Realms, BDS on all OS`es

Linked Issues

duplicates1

BDS-18342Apparent exploit in BDS, allowing for XUID and gamertag spoofFixed

Comments2

[Mod] OcelotOnesie 2023-05-09, 11:07:04 PM

Restricted to staff

MEQS_KEEP_PRIVATE

[Mod] OcelotOnesie 2023-05-09, 11:07:29 PM

Thank you for your report!
We're tracking this issue in ~~BDS-18342~~ (private), so this ticket is being resolved and linked as a duplicate.

Since the parent ticket is marked as private, you won't be able to access it.

Quick Links:
📓 Bug Tracker Guidelines – 💬 Community Support – 📧 Mojang Support
📓 Project Summary – ✍️ Feedback and Suggestions – 📖 BDS Wiki – 📖 FAQs

History3

[Mod] OcelotOnesie 2023-05-09, 11:07:04 PM

Added Security Level: Minecraft - Private

[Mod] OcelotOnesie 2023-05-09, 11:07:29 PM

Added duplicates link:
BDS-18342Apparent exploit in BDS, allowing for XUID and gamertag spoofFixed

[Mod] OcelotOnesie 2023-05-09, 11:07:29 PM

Resolution: Unresolved → Duplicate