If you'd like to see existing mods come to the Bedrock platform, please contact the talented community creators of these mods and ask them to take a look at the modding API documentation at http://aka.ms/minecraftaddons Bugs, requests for specific existing mods, feature lists, and support issues will be removed. Please put mashup requests and copyrighted content requests in Marketplace.

← Add-ons
0
Follow

User impersonation: unauthorized entry & spam

Summary:
A hacker was able to bypass the standard join mechanism and forcefully enter my single-player world. Once inside, they began spamming promotional advertisements. I believe this is a critical user impersonation exploit, possibly related to the ForceOP tool.

Environment:

  • Platform: Minecraft Bedrock Edition

  • Version: 26.13

  • Connection Mode: Hosting a single-player world open to LAN / Friends

Impact of the issue:

  • A malicious player was able to enter my private world without permission.

  • The attacker caused significant disruption by spamming advertisements.

  • This represents a severe security risk for all players, as any world can be compromised.

Steps to Reproduce :

  1. A player hosts a Minecraft Bedrock world (with or without requiring an invitation).

  2. An attacker uses a third-party exploit tool to impersonate a user identity.

  3. The attacker is able to join the host's game session without an invite.

  4. The attacker can then execute commands (e.g., /say) to spam messages.

Evidence:

  • Wireshark Capture: I have attached a .pcapng network capture file showing the abnormal UDP traffic from the attacker's IP address.

  • Suspected Attacker IP: 2401:4900:1c60:3fa1:78e9:16ff:fe13:932b (IPv6)

  • Chat Logs: Screenshots of the spam messages in the chat log are also attached.

Avatar
Registered User shared this idea

0 Comments

Please sign in to leave a comment.