search

Elytrium / LimboAuth

Minecraft Auth System for Velocity proxy built in virtual server (Limbo). Built with LimboAPI.
GNU Affero General Public License v3.0
186 stars 75 forks source link

Exploit!!! #168

Open SpigotRCE opened 4 months ago

SpigotRCE commented 4 months ago

Describe the bug Login bypass.

To Reproduce Steps to reproduce the behavior:

  1. Setup auto reconnect
  2. Afk trying to join thru owner account
  3. When limbo reloads, in that time it would let player log in

Expected behavior Any login plugin should not reload when server is running

Screenshots No screenshots, but a major server named GreenMC was griefed using this exploit

Server Info (please complete the following information):

UserNugget commented 4 months ago

Are you sure that it is caused by reloads? It seems that i can't reproduce this issue locally with the latest software versions.

SpigotRCE commented 4 months ago

Yes

UserNugget commented 4 months ago

Oh, is there any additional information like that plugin versions/client version/account type (offline-mode or online-mode) was used?

SpigotRCE commented 3 months ago

account type online mode , plugin version latest, client version any