NEW YORK: Ammar Askar, a Pakistan-based developer, recently posted a detailed account of how Minecraft's servers are vulnerable. He has reported a massive exploit with which anyone can single-handedly crash the game’s servers, and he has backed it up with a proof of concept.
“During my poking around within the networking internals of Minecraft, I came across a fairly substantial problem that allowed anyone to send certain malformed packets and crash a server by running it out of memory.”
What’s even more interesting is that he has been working on it since the game’s build was 1.6.2 (it is 1.8.3 now), and he claims that in all that time the developers neither fixed it nor took him seriously.
You might think that he went overboard by disclosing the details on the internet, but in his opinion there was no other way left to bring it to the attention of the developers:
“I thought a lot before writing this post, on the one hand I don’t want to expose thousands of servers to a major vulnerability, yet on the other hand Mojang has failed to act upon it.”
He states that he tried contacting the developers on five occasions, and it stuns me to know that he was completely ignored.
Now that the exploit is public, Mojang has apparently contacted him:
“With the release of this full disclosure I have actually made contact with Mojang and they are working to fix the issue. Apparently the initial fix they tried failed which indicates a lack of proper testing.”