Mojira Archive
WEB-4322

Soon-to-be Available Usernames can be Stolen

I'm making this quick so you can get to it sooner, sorry it's lacking detail.
Microsoft accounts that were claimed can be changed
and then claimed with diff caps
onto any account

You can view this in effect here:
https://namemc.com/profile/monarch.4
https://namemc.com/profile/DEAD_NX.1

Usernames are usually blocked for 37 days before going available. This exploit allows you to bypass the block.

This is harmful to the community as you can no longer change the casing of your username (like Joshua to joshua) you have to switch to a different name and directly back, and during that time someone can take the name you switched from even though you were intent on changing back to it.

Fix this ASAP before it's exploited in masses, cheers

Fixed

Joshua

[Mojang] Web Team

2021-04-03, 01:23 AM

2021-04-13, 11:10 PM

2021-04-07, 01:28 PM

0

1