Authentication Bypass by Capture-replay in PocketMine-MP - #VU132305
Published: January 21, 2022 / Updated: May 26, 2026
PocketMine-MP
Detailed vulnerability description
The vulnerability allows a remote attacker to impersonate other users.
The vulnerability exists due to authentication bypass by capture-replay in the login authentication mechanism when processing a stolen login token without protocol encryption. A remote attacker can replay captured login data to impersonate other users.
User interaction is required to capture a victim's login, such as by tricking the victim into joining an attacker-controlled server. Captured tokens expire after a limited time, typically within 2-3 days.