Mojira Archive
MC-278924

The MC server encryption algorithm uses IV=Key, which leads to a potential CCA attack, allowing key leakage

The server encryption code of MC is as follows, where the IV part is equal to the key. This can lead to potential CCA attacks.
    public static Cipher cipherFromKey(int opMode, Key key) throws NetworkEncryptionException {
        try {
            Cipher cipher = Cipher.getInstance("AES/CFB8/NoPadding");
            cipher.init(opMode, key, new IvParameterSpec(key.getEncoded()));
            return cipher;
        } catch (Exception var3) {
            throw new NetworkEncryptionException(var3);
        }
    }

In CCA attacks where IV=key is used, the attacker knows a ciphertext and sends a ciphertext of a specific structure. The decrypted plaintext contains the key.

The specific attack process is as follows:

1. Intercept ciphertext: The attacker intercepts a ciphertext that is encrypted using IV = Key. C = (C1, C2, C3, ..., Cn).
2. Construct a special ciphertext: The attacker constructs a new ciphertext C' = (C1, 0, C1, C2, C3, ..., Cn), where 0 represents a block of all zeros.
3. Decryption process: When decrypting C1, P1 = AES_decrypt(C1, Key) XOR Key. When decrypting the second block, P2 = AES_decrypt(0, Key) XOR C1. When decrypting the third block, P3 = AES_decrypt(C1, Key) XOR 0.
4. Recover the key: Since P1 = AES_decrypt(C1, Key) XOR Key and P3 = AES_decrypt(C1, Key), P1 XOR P3 = Key.

For reference, see: https://cedricvanrompay.gitlab.io/cryptopals/challenges/27.html

Unresolved

cryptocheck00

2024-12-16, 04:48 AM

2024-12-23, 10:11 AM

0

1

Plausible

Important

Platform

Networking

1.21.4

-
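
Added example, not part of the report and not Mojang's code: the identities in the report are written with the block decryption AES_decrypt, which is how CBC mode decrypts, so this check uses AES/CBC/NoPadding with a locally generated key to evaluate P1 XOR P3 for IV = key and for an independent random IV. The class name, helper names and the constructed sample message are assumptions of this example.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

public class IvEqualsKeyCheck {          // hypothetical class name
    static final int BLOCK = 16;         // AES block size in bytes

    // Runs AES-CBC without padding in the given mode (encrypt or decrypt).
    static byte[] run(int mode, byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    // Builds C' = (C1, 0, C1, C2, ..., Cn), decrypts it, and returns P1 XOR P3.
    static byte[] p1XorP3(byte[] key, byte[] iv, byte[] ct) throws Exception {
        byte[] forged = new byte[ct.length + 2 * BLOCK];
        System.arraycopy(ct, 0, forged, 0, BLOCK);              // C1
        // forged[BLOCK .. 2*BLOCK-1] stays zero: the all-zero block
        System.arraycopy(ct, 0, forged, 2 * BLOCK, ct.length);  // C1, C2, ..., Cn
        byte[] pt = run(Cipher.DECRYPT_MODE, key, iv, forged);
        byte[] out = new byte[BLOCK];
        for (int i = 0; i < BLOCK; i++) out[i] = (byte) (pt[i] ^ pt[2 * BLOCK + i]);
        return out;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[BLOCK], iv = new byte[BLOCK];
        rng.nextBytes(key);              // locally generated test key
        rng.nextBytes(iv);               // independent IV for the corrected setting
        byte[] msg = new byte[3 * BLOCK];
        Arrays.fill(msg, (byte) 'A');    // constructed sample plaintext, three blocks
        // Weak setting from the report: the key is reused as the IV.
        byte[] weak = p1XorP3(key, key, run(Cipher.ENCRYPT_MODE, key, key, msg));
        // Corrected setting (assumption of this example): IV drawn independently of the key.
        byte[] fixed = p1XorP3(key, iv, run(Cipher.ENCRYPT_MODE, key, iv, msg));
        System.out.println("IV = key:  P1^P3 == key? " + Arrays.equals(weak, key));
        System.out.println("random IV: P1^P3 == key? " + Arrays.equals(fixed, key)
                + ", == IV? " + Arrays.equals(fixed, iv));
    }
}
```

In both settings P1 XOR P3 equals the IV, so the value only matters when the IV is itself secret, which is the case when IV = key.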