科技回声

pilif将近 13 年前

I see no mention of notifying Mojang. And even if they did and Mojang is late with patching, I don't think it's very nice to post a public report on a weekend. Mojang is still a comparably small company and I'm sure nobody there is thrilled about fixing security flaws over the weekend.<p>This is, IMHO, not totally what I would call responsible disclosure.

评论 #4246446 未加载

评论 #4246507 未加载

评论 #4246630 未加载

评论 #4246502 未加载

评论 #4246489 未加载

评论 #4246653 未加载

评论 #4248009 未加载

alt_将近 13 年前

"UPDATE: Woohoo! Things are back up and running perfectly! Thank you all for being patient while things were fixed. Also major props to Grum, Dinnerbone, and Leo who were out of bed and in to action in the blink of an eye!"[0]<p>[0] <a href="http://www.mojang.com/2012/07/houston-we-have-a-problem/" rel="nofollow">http://www.mojang.com/2012/07/houston-we-have-a-problem/</a>

buttscicles将近 13 年前

I'd have thought ensuring a session ID was only valid for a single account would have been the first thing to test when developing an authentication system. Perhaps not in Sweden.

评论 #4248007 未加载

Minecraft Migrated Account Session Vulnerability Security Advisory

3 条评论

Minecraft Migrated Account Session Vulnerability Security Advisory

3 条评论