MC-79576

Custom Player Skulls - Security Vulnerability

For over a year now, the Minecraft community has been able to link custom textures to player skulls using the SkullOwner tag.
This allows everyone to force other player's Minecraft clients to connect to a specific URL.

I have set up a website explaining the exploit: http://crushedpixel.eu/skull/

Status:Duplicate

Reporter:CrushedPixel

Created:2015-04-14, 04:59 PM

Updated:2015-04-14, 06:53 PM

Resolved:2015-04-14, 06:53 PM

Votes:11

Watchers:5

Confirmation Status:Unconfirmed

Labels:

Affects Versions:Minecraft 1.8.1, Minecraft 1.8.3

Fix Versions:-