lenis0012 / LoginSecurity

Lightweight and secure user authentication for Bukkit Minecraft servers
https://www.spigotmc.org/resources/loginsecurity.19362/
Apache License 2.0
100 stars 85 forks

players are able to use other account #212

Open yeojhenrie opened 4 years ago

yeojhenrie commented 4 years ago

Hi! Thanks for making a free plugin for offline servers to use. I am running an anarchy server that uses reverse tunneling, and players are finding ways to break into other people's accounts. I am guessing that this is due to IP & time-based session continuation, because with reverse tunneling the server only sees that everyone is on localhost, and this causes problems in determining which account is owned by the player. I suggest adding a config option to disable that feature to make it work on servers that use reverse tunneling.

yeojhenrie commented 4 years ago

First, log in to your account (this will be the victim). Launch another Minecraft session with a hacked client (preferably Inertia) that has the same name as the victim. Join the server and set the join delay to 0. Wait for the victim to log out, then you will have access to his account. Note: I set it to -1.

ghost commented 4 years ago

Hey, this is not a bug. LoginSecurity allows you to re-log into your account in 1 minute (as in default config) after you left the server. As long as your IP when you leave and your IP when you re-join are the same, you will be automatically logged back in.

It's a feature, not a bug.

yeojhenrie commented 3 years ago

How do I remove this "feature"?

malpkakefirek commented 3 years ago

> Hey, this is not a bug. LoginSecurity allows you to re-log into your account in 1 minute (as in default config) after you left the server. As long as your IP when you leave and your IP when you re-join are the same, you will be automatically logged back in.
>
> It's a feature, not a bug.

They set it to -1, so I think it shouldn't be able to re-join without logging in
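
The IP and time-based continuation rule discussed in this thread, next to a stricter variant, as an added example that is not part of the thread and is not LoginSecurity's own code. All class and method names are hypothetical, the addresses and timestamps are constructed, and treating a zero or negative timeout as "disabled" is an assumption of this sketch, not documented plugin behaviour.

```java
import java.net.InetAddress;
import java.time.Duration;
import java.time.Instant;

public class SessionContinuation {
    // Hypothetical record of a player's last authenticated session.
    record LastSession(String name, InetAddress address, Instant logoutTime) {}

    // Rule as described in the thread: same IP, re-join inside the timeout window.
    static boolean naiveContinue(LastSession last, InetAddress joinAddr,
                                 Instant now, Duration timeout) {
        Duration away = Duration.between(last.logoutTime(), now);
        return last.address().equals(joinAddr) && away.compareTo(timeout) <= 0;
    }

    // Stricter rule (assumption of this sketch): a non-positive timeout switches
    // the feature off, and an address that cannot identify one client
    // (loopback or wildcard, as seen behind a local tunnel) is never trusted.
    static boolean hardenedContinue(LastSession last, InetAddress joinAddr,
                                    Instant now, Duration timeout) {
        if (timeout.isZero() || timeout.isNegative()) return false;
        if (joinAddr.isLoopbackAddress() || joinAddr.isAnyLocalAddress()) return false;
        return naiveContinue(last, joinAddr, now, timeout);
    }

    public static void main(String[] args) throws Exception {
        // Constructed scenario: every tunnelled connection arrives from 127.0.0.1.
        InetAddress tunnel = InetAddress.getByName("127.0.0.1");
        InetAddress direct = InetAddress.getByName("203.0.113.7"); // documentation range
        Instant logout = Instant.parse("2021-01-01T12:00:00Z");
        Instant rejoin = logout.plusSeconds(5);
        Duration oneMinute = Duration.ofSeconds(60);
        Duration disabled = Duration.ofSeconds(-1);

        LastSession viaTunnel = new LastSession("victim", tunnel, logout);
        LastSession viaDirect = new LastSession("victim", direct, logout);

        // Behind the tunnel the address comparison carries no information:
        // any connection using the same name matches the stored session.
        System.out.println("naive,    tunnel, 60s: "
                + naiveContinue(viaTunnel, tunnel, rejoin, oneMinute));
        System.out.println("hardened, tunnel, 60s: "
                + hardenedContinue(viaTunnel, tunnel, rejoin, oneMinute));
        System.out.println("hardened, direct, 60s: "
                + hardenedContinue(viaDirect, direct, rejoin, oneMinute));
        System.out.println("hardened, direct, -1s: "
                + hardenedContinue(viaDirect, direct, rejoin, disabled));
    }
}
```

On a tunnelled server the more complete fix is to have the proxy forward the real client address to the backend, so that per-IP checks see distinct peers again.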