This category is for Realms and dedicated server feedback. Please send support issues to help.mojang.com, as support posts, bugs, and individual server issues will be removed. Remember that when it comes to "adding more servers" or realm restrictions we are constrained by the rules of the various platforms Minecraft is available on. Thanks!

← Realms and Dedicated Servers
2
Follow

Improve security of RCON

I would like to suggest making improvements to the RCON feature and/or implementing a better remote access protocol. The RCON protocol has multiple security flaws that could potentially put a server at risk, even if the RCON port is not exposed to the Internet.

 

The RCON password is stored in a plain text format, as it is set using the "rcon.password" value in the "server.properties" file. This means that anyone could retrieve the password by simply reading/getting a copy of the file. Storing passwords using a hash and a separate database/file would be a lot more secure.

 

The way RCON sends/receives data also has a huge security flaw. There is no encryption, which makes RCON vulnerable to man-in-the-middle attacks. Attacks like these can be used to gain full control of a server. The use of encryption is one of the most important defenses, as this would make it a lot more difficult for an attacker to modify the data that is being sent/received.

Avatar
Registered User shared this idea

0 Comments

Please sign in to leave a comment.