Minecraft Security Advisory – Authentication Exploit

The following has been emailed to all active and/or suspended CubedHost Minecraft customers.

** Please note ** Absolutely NO CubedHost services have been compromised. This is a general Minecraft security advisory.

We have recently become aware of a (working) exploit for the Minecraft protocol, that is a high risk to any server that is in online-mode and using an older CraftBukkit / Spigot build, or vanilla Minecraft.
This security exploit essentially allows for any user to authenticate as any player on your server. We have tested this exploit, and it does indeed work, making this a fairly high security risk.

Further details can be found via Reddit, Planet Minecraft, etc.

We recommend that you update to the latest version of CraftBukkit / Spigot immediately.
As far as we’re currently aware, there is no fix with the Vanilla Minecraft server as of yet.

To update your server, please follow this knowledgebase article.