Nmap Development mailing list archives
Re: Minecraft "Insecure Mode" Detection Script
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Fri, 14 Jan 2011 01:40:10 +0200
It is a bit unclear whether or not this is a vulnerability. In the insecure mode someone could log into the server with a certain username periodically to keep the real user of the server. I am not sure if a regular/paid user can change their username. On Fri, Jan 14, 2011 at 1:22 AM, Fyodor <fyodor () insecure org> wrote:
On Thu, Jan 13, 2011 at 01:13:02PM -0600, Ron wrote:I personally think that unless it's big, noisy, slow, or pointless, it should be included. Somebody doing a vulnerability scan of their network might see no vulnerabilities, even though this vulnerability exists.I agree that it should be included if people consider it a vulnerability. But it seems to me more of a configuration preference. It tests whether the game allows you to play with any username you choose, or if you need to go register a free account at minecraft.net first. We can put it back if people want it included with Nmap. Of course even if it isn't in Nmap proper, anyone can download and use it from the seclists link. I also think the script could be even more useful if it could gather more useful information than just this one boolean config value. Then it would be like some of our other *-info scripts. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Minecraft "Insecure Mode" Detection Script David Fifield (Jan 09)
- Re: Minecraft "Insecure Mode" Detection Script Toni Ruottu (Jan 09)
- <Possible follow-ups>
- Re: Minecraft "Insecure Mode" Detection Script Fyodor (Jan 10)
- Re: Minecraft "Insecure Mode" Detection Script Toni Ruottu (Jan 11)
- Re: Minecraft "Insecure Mode" Detection Script Fyodor (Jan 11)
- Re: Minecraft "Insecure Mode" Detection Script Ron (Jan 13)
- Re: Minecraft "Insecure Mode" Detection Script Fyodor (Jan 13)
- Re: Minecraft "Insecure Mode" Detection Script Toni Ruottu (Jan 13)
- Re: Minecraft "Insecure Mode" Detection Script Ron (Jan 13)
- Re: Minecraft "Insecure Mode" Detection Script Toni Ruottu (Jan 11)