Advisory

Minecraft servers full of mods vulnerable to critical Bleeding Pipe exploit

Take action: If you are running a Minecraft server, it's wise to start patching for the Bleeding Pipe exploit. If you are playing Minecraft, maybe change the game for the next few weeks until community pressure forces most servers to be patched.


Learn More

Minecraft server administrators are warned that many servers running popular mods are at risk of exploitation by malicious hackers aiming to gain control over players' machines. The vulnerability was brought to light by the Minecraft Malware Prevention Alliance (MMPA) - yes, there is an anti-malware group for Minecraft.

The vulnerability is called Bleeding Pipe. It is found in many Minecraft mods and is caused by the incorrect use of deserialization: the mods use Java's 'ObjectInputStream' class to exchange network packets between servers and clients.

In short, the attackers send specially crafted network packets to vulnerable Minecraft mod servers to take over the servers.

The threat actors can then use those hacked servers to exploit the flaws in the same Minecraft mods used by players that connect to the server, allowing them to install malware on those devices as well.

The vulnerability is not new in the Java community and has been addressed in other mods before, but many mods are still vulnerable and the impact within the Minecraft community is unprecedented.

A Computer Science student, known as Dogboy21 on GitHub, identified approximately 36 mods that are susceptible to the exploit known as the Bleeding Pipe.

The potential consequences of this vulnerability are worrying. Hackers have already attempted and, in some cases, succeeded in stealing Microsoft access tokens and browser sessions. The real concern lies in the fact that the attackers can execute any code on the targeted systems, opening up countless possibilities for harm.

Dogboy21 and other helpful users have collaborated to develop a fix, which can be found on their GitHub page. Nevertheless, it is essential for server administrators to act promptly to safeguard their servers and players.

Various mods, including EnderCore, AetherCraft mode, LogisticsPipes, Immersive Armors, and ttCore, are among the affected ones. However, it's crucial to note that the list provided on the Git page may not be exhaustive.
