MC-253894

Private keys are stored on filesystem even when logged out

Private keys for chat signing are stored in (.minecraft folder)/profilekeys. If multiple people use the same computer, one person could use the other's private key to sign chat messages before the key expires. This is possible even if the account is completely logged out.

To fix, the private key should only be stored in memory while the game is running and discarded completely when the game exits.

Status:Fixed

Reporter:Tis_awesomeness

Assignee:[Mojang] Felix Jones

Created:2022-07-04, 05:28 PM

Updated:2022-07-19, 07:55 AM

Resolved:2022-07-19, 07:55 AM

Votes:1

Watchers:3

Confirmation Status:Plausible

Mojang Priority:Important

Category:Social Interactions

Labels:

Affects Versions:1.19, 1.19.1 Pre-release 2, 1.19.1 Pre-release 3, 1.19.1 Pre-release 4

Fix Versions:1.19.1 Pre-release 6