WEB-4091Certain Words in Password Break Minecraft Auth Server, Regardless of Username
I haven't played Minecraft in a while, but today I went to log in and I got this issue (after digging a bit):
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <TITLE>ERROR: The request could not be satisfied</TITLE> </HEAD><BODY> <H1>403 ERROR</H1> <H2>The request could not be satisfied.</H2> <HR noshade size="1px"> Request blocked. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. <BR clear="all"> If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation. <BR clear="all"> <HR noshade size="1px"> <PRE> Generated by cloudfront (CloudFront) Request ID: ZngRp66EaEZRahoHs-Rj2QqSc6gdwTZ5e2UjqUPfxH6VlxtjNxBCnQ== </PRE> <ADDRESS> </ADDRESS> </BODY></HTML>
I tracked the issue down to my password: if this password is used with any email address / username, it causes this error (I have since changed my password to play Minecraft):
scp-R/root@127.0.0.1:/
This could be something with a misconfigured filter or something, I'm not a security expert. The least I could ask for is that I get a proper error message instead of the website failing silently. I had to manually send a request with cURL to get this message back (and I also found it in Chrome and Firefox dev tools).
