Reflective Encryption Vulnerability in Minosoft Minecraft Client
CVE-2024-56141
5MEDIUM
What is CVE-2024-56141?
The Minosoft Minecraft Client, an open-source project, has a serious encryption vulnerability that arises from a flawed initialization vector (IV) used in its AES cipher. Specifically, the CryptManager's IV is set equal to the secret key instead of a randomly generated value. This design flaw exposes the system to chosen-ciphertext and chosen-plaintext attacks, whereby an attacker can submit selected messages for encryption, potentially allowing them to recover the secret key. This vulnerability affects all versions of the client that support Minecraft protocol 1.7 and later, and currently, there are no available patches or workarounds.
Affected Version(s)
Minosoft >= f1ae30e2b046a490026a8413b075685deb795122
