Crypto is becoming weak/outdated
The following is based on information from http://wiki.vg/Protocol_Encryption. My research showed that it is still accurate and up to date.
RSA with a modulus size of 1024 bits is simply outdated and it is plausible that agencies can crack it with a lot of resources. Perfect forward secrecy is also only given if the server is restarted on a regular basis.
Suggestion: The fast solution would be updating to 2048 bits, because key generation is still fast enough for that key size. Switching to ECDH with a long-term RSA key for authentication may be the future-proof solution. (Until Shor's algorithm applies)
IV = secret key
That shouldn't break it, but it is unusual. Depending on the mode of operation one has to be careful with IVs.
AES encryption is not done using an authenticated mode
GCM is the industry standard nowadays.
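Added illustration (not code from the post, the wiki page or Mojang): the AES-CFB8 stream the protocol page documents is run with the shared secret as IV, one ciphertext bit is corrupted in transit, and the decryptor has no way to notice; the same corruption under AES-GCM with a fresh nonce is rejected by Open. The key and payload bytes are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// cfb8 runs AES-CFB8 (the mode the protocol page documents) in one direction;
// the protocol reuses the shared secret as IV, the caller chooses it here.
func cfb8(block cipher.Block, iv, in []byte, decrypt bool) []byte {
	reg := append([]byte(nil), iv...) // one-block shift register
	ks := make([]byte, block.BlockSize())
	out := make([]byte, len(in))
	for i, b := range in {
		block.Encrypt(ks, reg)
		out[i] = b ^ ks[0]
		c := out[i] // the ciphertext byte is fed back into the register
		if decrypt {
			c = b
		}
		reg = append(reg[1:], c)
	}
	return out
}

// CFB8Roundtrip encrypts, flips one ciphertext bit "in transit", then decrypts.
// Unauthenticated CFB8 cannot detect this and silently returns damaged plaintext.
func CFB8Roundtrip(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key)           // 16-byte key, cannot fail
	ct := cfb8(block, key, plaintext, false) // IV = key, as the protocol does
	ct[0] ^= 0x01
	return cfb8(block, key, ct, true)
}

// GCMRoundtrip does the same under AES-GCM with a fresh random nonce; Open rejects the tampered bytes.
func GCMRoundtrip(key, plaintext []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	ct[0] ^= 0x01
	return gcm.Open(nil, nonce, ct, nil) // returns an authentication error
}
```

CFB8 self-synchronises after one block, so the corruption damages the flipped byte plus the following 16 bytes and then decryption continues cleanly; only a MAC or an AEAD mode such as GCM turns that into a detectable failure.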
Authentication of the key exchange
- If a server is in offline-mode (hardly necessary anymore because your auth servers have been working reliably for years) no authentication is done at all! (Am I overlooking something?)
-> Servers in offline-mode are open to MITM attacks. In such a case the joining clients must be warned and be able to verify the public key fingerprint by themselves!
- Authentication is using SHA1. SHA1 is SHAttered and should be replaced.
I may be nitpicking given that Minecraft is a low value target. But if you are doing crypto, you should do it right.
2017-04-28, 06:42 PM
2018-10-02, 11:26 PM