Reflective Encryption Vulnerability in Minosoft Minecraft Client
CVE-2024-56141

5MEDIUM

Key Information:

Vendor

Bixilon

Status
Vendor
CVE Published:
6 July 2026

What is CVE-2024-56141?

The Minosoft Minecraft Client, an open-source project, has a serious encryption vulnerability that arises from a flawed initialization vector (IV) used in its AES cipher. Specifically, the CryptManager's IV is set equal to the secret key instead of a randomly generated value. This design flaw exposes the system to chosen-ciphertext and chosen-plaintext attacks, whereby an attacker can submit selected messages for encryption, potentially allowing them to recover the secret key. This vulnerability affects all versions of the client that support Minecraft protocol 1.7 and later, and currently, there are no available patches or workarounds.

Affected Version(s)

Minosoft >= f1ae30e2b046a490026a8413b075685deb795122

References

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.