Critical bug !!
WelsyMC opened this issue ยท 6 comments
Hi, sorry by advance for the english, i'm french ^^
Hello,
Recently, i found an exploit on Security Craft in all versions of the mods (1.7 - 1.12).
You have a packet called "PacketSetBlock", with another forge mod, we can use your network and send the Packet with our coordinates (like 232, 64, 230) and a custom id like diamond_block.
This exploit has been used on little servers but you might fix it because it can destroy spawns and bypass protections (if you need i can send you a video so you can understand).
Add me on Discord i'll accept you in a few hours
WelsyMC#1557
Wish you the best,
Welsy.
Hi! Thank you for reporting this to us. I'll be sure to fix it for the next version of the mod, however due to the fact that we are no longer supporting Minecraft versions below 1.12.2, it will only be fixed in 1.12.2.
I actually already fixed that exploit during the update to 1.13 (so any version above that does not have the exploit. There, we use a packet where the client simply tells the server that the player has toggled the camera's power), but I apparently did not think of fixing it in older versions, too.