View Issue Details

IDProjectCategoryView StatusLast Update
0000004Network WideNihachuMCpublic2020-08-05 18:49
ReporterRyTheFirst Assigned ToRyTheFirst  
PriorityimmediateSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Summary0000004: Bungee-cord UUID Spoofing
DescriptionThere's an issue with Spigot / Bungee-cord that allows users to spoof their UUID. Allowing people to falsify admin rights and so forth. As occurred when the server was griefed today.
Steps To Reproduce1. Setup your own Bungee-cord instance

2. Add any bungee-cord server that is hosted somewhere other than on the same machine as the bungee server is.

3. Join through your bungee server and use a plugin to modify the UUID sent to the server.

4. Voila, you now have all of that persons perms and so forth.
TagsNo tags attached.
Attach Tags

Activities

RyTheFirst

2020-08-05 18:49

administrator   ~0000007

Resolved, added new firewall rules to drop all network traffic attempting to access server ports unless it comes from the IP of the bungee server, resolving this issue.

Issue History

Date Modified Username Field Change
2020-08-05 18:48 RyTheFirst New Issue
2020-08-05 18:48 RyTheFirst Status new => assigned
2020-08-05 18:48 RyTheFirst Assigned To => RyTheFirst
2020-08-05 18:49 RyTheFirst Status assigned => resolved
2020-08-05 18:49 RyTheFirst Resolution open => fixed
2020-08-05 18:49 RyTheFirst Note Added: 0000007