Ever since Minecraft launched in 2011, mods have been a popular way for users to expand the game’s capabilities. However, according to a new report from MMPA security, hackers have found a new critical vulnerability named “BleedingPipe” in the Minecraft Forge framework, which allows them to execute malicious code on mod servers and clients, effectively taking control of devices.
Affecting mods running on Forge 1.7.10/1.12.2, BleedingPipe abuses the deserialization performed by Java’s ‘ObjectInputStream’ class, which facilitates the exchange of network packets between servers and clients in Minecraft mods. As a result, attackers can manipulate network traffic to gain unauthorized access to affected servers and take control of players’ devices. Additionally, the vulnerability enables hackers to steal sensitive information, such as Discord users’ credentials and players’ Steam session cookies.
Furthermore, the MMPA report also highlights the names of specific mods affected by the BleedingPipe vulnerability. These include EnderCore, LogisticsPipes versions older than 0.10.0.71, BDLib 1.7 through 1.12, Smart Moving 1.12, Brazier, DankNull, Gadomancy, Advent of Ascension (Nevermine) version 1.12.2, Astral Sorcery versions 1.9.1 and older, and several others.
“After the initial discovery, we discovered that a bad actor scanned all Minecraft servers on the IPv4 address space to mass-exploit vulnerable servers. We do not know what the contents of the exploit were or if it was used to exploit other clients, although this is very much possible with the exploit,” states the report.
What is the solution?
While Minecraft itself cannot directly intervene in this situation, as it is not responsible for the Forge framework, mod developers are actively working on releasing patches. However, the limited resources of these developers have resulted in a slow rollout of updates.
Until mod developers can patch the vulnerability, users should refrain from downloading any mods and perform an antivirus scan on all recently downloaded mods. Additionally, the MMPA has developed a ‘PipeBlocker’ mod, which filters ‘ObjectInputStream’ network traffic and provides defense for both Forge servers and clients.
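The kind of filtering described above can be illustrated by an ‘ObjectInputStream’ subclass that checks every class name in the stream against an allow-list before anything is instantiated. This is an added example, not PipeBlocker’s code or code from the MMPA report; the names AllowListDemo, FilteredInput and readPacket and the contents of the allow-list are assumptions made for illustration.

```java
import java.io.*;
import java.util.*;

public class AllowListDemo {
    // Constructed allow-list: the only classes this hypothetical packet format needs.
    static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
            "java.lang.String", "java.lang.Integer", "java.lang.Number"));

    // Checks each class descriptor before the class is loaded or any readObject() runs.
    static class FilteredInput extends ObjectInputStream {
        FilteredInput(InputStream in) throws IOException { super(in); }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "not on allow-list");
            }
            return super.resolveClass(desc);
        }
    }

    // Helper that builds constructed sample input for the demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    // Returns the decoded object, or null when the stream names a class that is not allowed.
    static Object readPacket(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new FilteredInput(new ByteArrayInputStream(data))) {
            return in.readObject();
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Two payloads of types the format expects, then one of a type outside the allow-list.
        System.out.println(readPacket(serialize("hello")));
        System.out.println(readPacket(serialize(42)));
        System.out.println(readPacket(serialize(new ArrayList<String>(Arrays.asList("x")))));
    }
}
```

Overriding resolveClass works on the Java 8 runtimes these Forge versions use; newer Java versions also offer the built-in ObjectInputFilter API for the same purpose.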
2023-08-01 15:07:20