MC-33069

Man in the middle attack in 13w39b

With the new session server the serverID is no longer a sha1 hash with the public key and shared secret allowing an MITM attack to be preformed. See https://gist.github.com/thinkofdeath/d0fa2997886182b6a5ba for an example (in Go)

Status:Fixed

Reporter:Thinkofdeath

Assignee:[Mojang] Grum (Erik Broes)

Created:2013-09-28, 05:04 PM

Updated:2015-08-05, 07:27 AM

Resolved:2013-09-29, 12:22 PM

Votes:0

Watchers:2

Confirmation Status:Unconfirmed

Labels:security, session

Affects Versions:Minecraft 13w39b

Fix Versions:Minecraft 13w41a