Open Metro420yt opened 3 months ago
Seems like a bug in nodejs.
Caused by https://github.com/nodejs/node/commit/54cd268059626800dbe1e02a88b28d9538cf5587
You can open an issue in https://github.com/nodejs/node for it
Being discussed in https://github.com/nodejs/node/issues/52017
Proposed programmatic way to re-enable is being discussed in https://github.com/nodejs/node/pull/52090, pure js workaround snippet to fix mentioned in https://github.com/nodejs/node/issues/52017#issuecomment-1987369610
So, it looks like the node team decided to remove the padding feature? Is there a programmatic fix for it that could be added to nmp? I don't want to parse node arguments to all my applications.
Read the linked issue/PR, I left a comment on https://github.com/nodejs/node/issues/52017#issuecomment-2080906420.
Ideally the standard lib of a language doesn't do breaking updates to remove functionality in minor versions, but that's what seems to be the case at the moment (for security reasons). There is a PR to add a code based toggle to re-enable the funcionality, but it's not for sure that will be merged. This may require using the nodeRSA workaround snippet posted in nodejs/node#52017.
Read the linked issue/PR, I left a comment on nodejs/node#52017 (comment).
Ideally the standard lib of a language doesn't do breaking updates to remove functionality in minor versions, but that's what seems to be the case at the moment (for security reasons). There is a PR to add a code based toggle to re-enable the funcionality, but it's not for sure that will be merged. This may require using the nodeRSA workaround snippet posted in nodejs/node#52017.
I think we should go for the nodeRSA workaround for the time being because Node-Minecraft-Protocol does not work right now with the latest LTS versions of Node.
Yeah, https://github.com/nodejs/node/issues/52017#issuecomment-1987369610 should have the relevant code to do it
[x] The FAQ doesn't contain a resolution to my issue
Versions
Detailed description of a problem
when trying to connect, on login.js line 120 the padding "crypto.constants.RSA_PKCS1_PADDING" throws an error, due to CVE-2023-46809
Current code
Expected behavior
wasnt sure if there was a way to fix this, or if its just a part of the encryption method
edit: the error is silent, and the server just responds "Disconnected" and i should clarify, im not sure if its possible to use another encryption method or not
Additional context
originally was using node v20.11.1, but updated at some point to see if it would help
passing "--security-revert=CVE-2023-46809" gives another error