Issue description
Steps will explain.
Steps to reproduce the issue
- Generate two accounts with same spelling but different capital usage(i.e. minijaham and mInIjaham).
- Log in with the first account and give op.
- Log in with second account and you should have op in that account as well.
OS and versions
- PocketMine-MP: First version - 3.17.3 https://github.com/pmmp/PocketMine-MP/commit/b296ae1b872aa0dbb6d118993aaab70913326b13
- PHP: 7.3
- Server OS:
- Game version: PE/Win10
Plugins
- If you remove all plugins, does the issue still occur?
Yes - If the issue is not reproducible without plugins:
- Have you asked for help on our forums before creating an issue?
I have, but I'm still waiting for an answer - Can you provide sample, minimal reproducing code for the issue? If so, paste it in the bottom section
No reproducing code
- Have you asked for help on our forums before creating an issue?
Crashdump, backtrace or other files
minijaham
All 10 comments
This bug cause from gamertag duplicate when creating account Xbox Live, not from server software.
AkmalFairuz
on 1 Feb 2021
This was tested with other usernames as well.
A lot of servers actually had the same issue.
minijaham
on 1 Feb 2021
Even Fallentech, Hyperlands, etc staff account got hacked by this method.
AkmalFairuz
on 1 Feb 2021
Exactly. Thanks to alvin though, he's told me a solution to this...
minijaham
on 1 Feb 2021
Have you report this bug to Microsoft or Xbox?
AkmalFairuz
on 1 Feb 2021
Have you report this bug to Microsoft or Xbox?
Not yet.
minijaham
on 1 Feb 2021
well done, you've just advertised a security vulnerability to hundreds of people...
I'm already aware of this issue thanks to people who informed me in a more responsible manner by emailing [email protected] or otherwise contacting us privately.
dktapps
on 1 Feb 2021
How come the issue hasn't been solved yet, if you were already aware of it?
minijaham
on 1 Feb 2021
Just wait Microsoft fix this bug. The solution is save real player gamertag without converted to lowercase.
AkmalFairuz
on 1 Feb 2021
How come the issue hasn't been solved yet, if you were already aware of it?
Because the issue lays with xbox usernames being allowed to have other unicode letters in their names.
Ignaciox
on 1 Feb 2021
Related issues
L3ice
路
21Comments
mal0ne-23
路
17Comments
MisteFr
路
29Comments
kenygamer
路
92Comments
KAGsundaram
路
43Comments
Most helpful comment
well done, you've just advertised a security vulnerability to hundreds of people...
I'm already aware of this issue thanks to people who informed me in a more responsible manner by emailing [email protected] or otherwise contacting us privately.