Ecosyste.ms: Advisories

Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP

Impact

Minecraft Bedrock authentication and its protocol encryption are inseparably linked. One is not complete without the other.

This vulnerability affects servers that can be connected to directly over the internet (i.e. not behind a proxy).

If you are using a proxy, please check that it supports protocol encryption and that it is enabled.

Technical details

Basics

  1. The client generates a private ECC key clientPriv which it uses to complete ECDH for encryption.
  2. A JWT containing the public key clientPub corresponding to this key is issued and signed by Microsoft servers; the signature is verifiable with the Mojang root public key mojangPub.
  3. The server verifies that the token was issued by Microsoft servers by verifying the JWT signature with mojangPub.

Why this is a problem

This only proves that the token was issued by Microsoft. It does not prove that the client actually possesses the private key clientPriv corresponding to the public key in the token.
In a login replay attack, the attacker sends a login captured from another session. That login is valid in the sense that it verifies under mojangPub; without encryption, however, the server never learns whether the client holds clientPriv, so the authenticity of the client cannot be verified.

How encryption prevents the attack

  1. The server calculates a shared secret for encryption using ECDH of serverPriv and clientPub.
  2. It then signs a return token using serverPriv and sends this to the client, along with serverPub.
  3. The client then verifies the JWT using serverPub, and calculates the same shared secret as the server using clientPriv and serverPub.

If the client does not possess clientPriv (i.e. because it replayed a stolen login), then the session cannot proceed once encryption is enabled, since the client cannot calculate the shared secret needed to decrypt the server packets and encrypt its own packets.

Since PM3 does not implement protocol encryption, this means that ALL versions of PM3 are affected by this login stealing attack.

How does the attacker capture a login in the first place?

The typical way to do this would be to trick a player into joining a server controlled by the attacker. This would allow the attacker to grab the login from the connection and store it for future use.

Are the logins valid forever?

No. All the JWTs have expiry dates after which they cannot be used. These expiry dates are typically 2-3 days after the token was issued by XBOX servers. PocketMine-MP 3.x does verify these expiry dates, so the window in which a stolen login can be replayed is limited.

Patches

This problem has been fixed in all 4.x versions by implementing Minecraft protocol encryption.

This has not yet been addressed on 3.x, but since this vulnerability is already public knowledge, the advisory has been released early to make sure people are aware of it and the mitigation steps they can take.

Update 2022-01-22: This has been fixed on 3.x by d28be4eaf24a890f7ef110a51181a3d806a6acca.

Workarounds

The following things may help mitigate the problem:

For more information

If you have any questions or comments about this advisory:

Permalink: https://github.com/advisories/GHSA-h79x-98r2-g6qc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oNzl4LTk4cjItZzZxY80loQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
CVSS Score: 4.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-h79x-98r2-g6qc
References: Repository: https://github.com/pmmp/PocketMine-MP
Blast Radius: 9.8

Affected Packages

packagist:pocketmine/pocketmine-mp
Dependent packages: 52
Dependent repositories: 120
Downloads: 53,564 total
Affected Version Ranges: >= 3.0.0, < 4.0.0
Fixed in: 4.0.0
All affected versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.9, 3.5.10, 3.5.11, 3.5.12, 3.5.13, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 3.9.8, 3.10.0, 3.10.1, 3.11.0, 3.11.1, 3.11.2, 3.11.3, 3.11.4, 3.11.5, 3.11.6, 3.11.7, 3.12.0, 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.15.0, 3.15.1, 3.15.2, 3.15.3, 3.15.4, 3.16.0, 3.16.1, 3.17.0, 3.17.1, 3.17.2, 3.17.3, 3.17.4, 3.17.5, 3.17.6, 3.17.7, 3.18.0, 3.18.1, 3.18.2, 3.19.0, 3.19.1, 3.19.2, 3.19.3, 3.20.0, 3.21.0, 3.21.1, 3.22.0, 3.22.1, 3.22.2, 3.22.3, 3.22.4, 3.22.5, 3.23.0, 3.23.1, 3.24.0, 3.25.0, 3.25.1, 3.25.2, 3.25.3, 3.25.4, 3.25.5, 3.25.6, 3.26.0, 3.26.1, 3.26.2, 3.26.3, 3.26.4, 3.26.5, 3.27.0, 3.28.0
All unaffected versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.10, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.6.2, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.8.0, 4.8.1, 4.9.0, 4.9.1, 4.10.0, 4.10.1, 4.10.2, 4.11.0, 4.12.0, 4.12.1, 4.12.2, 4.12.3, 4.12.4, 4.12.5, 4.12.6, 4.12.7, 4.12.8, 4.12.9, 4.12.10, 4.12.11, 4.13.0, 4.14.0, 4.14.1, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0, 4.17.0, 4.17.1, 4.17.2, 4.18.0, 4.18.1, 4.18.2, 4.18.3, 4.18.4, 4.19.0, 4.19.1, 4.19.2, 4.19.3, 4.20.0, 4.20.1, 4.20.2, 4.20.3, 4.20.4, 4.20.5, 4.21.0, 4.21.1, 4.22.0, 4.22.1, 4.22.2, 4.22.3, 4.23.0, 4.23.1, 4.23.2, 4.23.3, 4.23.4, 4.23.5, 4.23.6, 4.24.0, 4.25.0, 4.26.0, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.5.0, 5.6.0, 5.6.1, 5.7.0, 5.7.1, 5.8.0, 5.8.1, 5.8.2, 5.9.0, 5.10.0, 5.11.0, 5.11.1, 5.11.2, 5.12.0, 5.12.1, 5.13.0, 5.14.0, 5.14.1