Mojira Archive
MC-95127

Server is not verifying packet information

The bug

The server is not verifying some packets and directly sets the data provided as its own data.

ServerboundPlayerCommandPacket (20w07a Mojang name)

The server directly sets the sneaking and sprinting flag based on the data provided in this packet. This means it does not even test if the player is already sneaking and cannot sprint or should stop sneaking. This way the client can first send a packet stating the player is sneaking / sprinting and then a packet stating the player is sprinting / sneaking which allows the player to sneak (grey name tag) with sprinting speed.

C03PacketPlayer and C03PacketPlayer.C04PacketPlayerPosition

This is based on Mincraft 1.8 (decompiled with MCP) and might not be the case anymore.

The player can send any position he wants stating for example that he is hovering always 5 blocks above ground while being in survival mode. This is very likely the method used by many flying hacks.

About latency

I know that latency should be respected but when a player moves way to quick it is unfair for other players (no matter if there is latency or not).

Unresolved

Marcono1234

2016-01-02, 10:03 PM

2023-08-22, 05:56 PM

1

3

Plausible

Normal

Platform

Networking

Minecraft 1.8.9, Minecraft 1.9, 20w07a

-