MBTH Login Security -----
Secure your server, protect your players — login made safe and simple. ✅Login Exploits Fixed.
CRITICAL SECURITY UPDATE - v1.0.1
⚠️ URGENT: All Users Must Update Immediately
[HR][/HR]
Critical Vulnerability Fixed
A critical session hijacking exploit has been discovered and patched in this release. This vulnerability allowed attackers to disconnect legitimate players and bypass authentication on cracked servers.
Severity: CRITICAL
Impact: Complete authentication bypass
Affected Versions: v1.0.0 and earlier
Status: ✅ FIXED in v1.0.1
[HR][/HR]
️ What Was Fixed?
The Exploit:
The Fix:
[HR][/HR]
What's New in v1.0.1
Security Enhancements:
Notifications:
When an attack is attempted, the system now:
[HR][/HR]
How to Update
No configuration changes required!
No database migration needed!
Fully backward compatible!
[HR][/HR]
Technical Details
Implementation:
Performance:
[HR][/HR]
Testing Performed
[HR][/HR]
Documentation
Complete documentation available on GitHub:
View Full Documentation
[HR][/HR]
⚡ Why Update Now?
This is not just a feature update - it's a critical security patch.
Without this update:
With this update:
[HR][/HR]
Support
If you encounter any issues:
[HR][/HR]
Changelog
v1.0.1 (Critical Security Update)
[HR][/HR]
⚠️ ACTION REQUIRED
This is a critical security fix that protects your players from session hijacking attacks. The vulnerability completely bypasses authentication and can be exploited by anyone.
[HR][/HR]
[HR][/HR]
Note: This update is mandatory for all servers running in cracked/offline mode. Premium-only servers are less affected but should still update for consistency and future-proofing.
⚠️ URGENT: All Users Must Update Immediately
[HR][/HR]
Critical Vulnerability Fixed
A critical session hijacking exploit has been discovered and patched in this release. This vulnerability allowed attackers to disconnect legitimate players and bypass authentication on cracked servers.
Severity: CRITICAL
Impact: Complete authentication bypass
Affected Versions: v1.0.0 and earlier
Status: ✅ FIXED in v1.0.1
[HR][/HR]
️ What Was Fixed?
The Exploit:
- Attackers could join with the same username as an online player
- Minecraft would kick the original player ("Logged in from another location")
- The attacker could then access the server, completely bypassing password/PIN authentication
- Made the entire security system useless
The Fix:
- ✅ Added pre-login username blocking system
- ✅ Duplicate username attempts are now blocked BEFORE the original player is affected
- ✅ Original player stays connected and receives a security notification
- ✅ Comprehensive logging and admin alerts
- ✅ Discord webhook integration for security events
- ✅ Full audit trail with IP tracking
[HR][/HR]
What's New in v1.0.1
Security Enhancements:
- ️ Pre-login duplicate username detection
- Real-time security alerts for hijacking attempts
- Enhanced logging system with full audit trails
- Multi-layer notifications (console, in-game, admin, Discord)
- ⚡ Zero performance impact (< 0.1ms per connection check)
Notifications:
When an attack is attempted, the system now:
- Blocks the attacker before they can join
- Alerts the victim player in-game
- Notifies all online admins
- Logs everything to console with full details
- Sends Discord webhook (if configured)
[HR][/HR]
How to Update
- Download the new MBTHLoginSecurity-1.0.1.jar
- Stop your server
- Delete the old v1.0.0 JAR file
- Upload the new v1.0.1 JAR to your plugins folder
- Start your server
- ✅ Done! Protection is automatic - no configuration needed
No configuration changes required!
No database migration needed!
Fully backward compatible!
[HR][/HR]
Technical Details
Implementation:
- Uses AsyncPlayerPreLoginEvent to check usernames before connection
- Maintains real-time tracking of online player usernames
- Blocks duplicate username connections at the protocol level
- Automatic cleanup on disconnect and plugin reload
Performance:
- Memory overhead: ~10KB per 100 players (negligible)
- CPU overhead: < 0.1ms per connection check
- Network overhead: None (except Discord webhooks during attacks)
[HR][/HR]
Testing Performed
- ✅ Normal player joins work perfectly
- ✅ Duplicate username attacks blocked successfully
- ✅ Original players stay connected without disruption
- ✅ All notifications working (console, in-game, Discord)
- ✅ Legitimate reconnections work normally
- ✅ Plugin reload tested and verified
- ✅ Zero performance impact confirmed
[HR][/HR]
Documentation
Complete documentation available on GitHub:
- Session Hijacking Fix Guide - Technical deep dive (15+ pages)
- Security Update Guide - Complete update instructions
- Quick Fix Summary - One-page reference
View Full Documentation
[HR][/HR]
⚡ Why Update Now?
This is not just a feature update - it's a critical security patch.
Without this update:
- ❌ Your players can be kicked by anyone who knows their username
- ❌ Attackers can bypass all authentication (passwords, PINs, everything)
- ❌ Your server security is completely compromised on cracked mode
With this update:
- ✅ Players are fully protected from session hijacking
- ✅ All authentication systems remain secure
- ✅ Real-time detection and blocking of attacks
- ✅ Complete audit trail for security monitoring
[HR][/HR]
Support
If you encounter any issues:
- Discord: Join Support Server
- GitHub Issues: Report Problems
- Documentation: Read the Guides
[HR][/HR]
Changelog
v1.0.1 (Critical Security Update)
- FIXED: Critical session hijacking vulnerability
- ️ ADDED: Pre-login username blocking system
- ADDED: Real-time security alerts
- ADDED: Enhanced logging and audit trails
- ADDED: Multi-layer notification system
- ✅ IMPROVED: Zero performance overhead
- ADDED: Comprehensive security documentation
- Password authentication with SHA-256
- GUI PIN Vault system
- Discord webhook integration
- Alt account detection
- Session management
- Login method choice GUI
- Complete admin toolset
[HR][/HR]
⚠️ ACTION REQUIRED
If you're running v1.0.0 on a cracked server, update IMMEDIATELY.
This is a critical security fix that protects your players from session hijacking attacks. The vulnerability completely bypasses authentication and can be exploited by anyone.
[HR][/HR]
Downloads & Links
![[IMG]](//proxy.spigotmc.org/701a9fd57531cfada66438bcbd7e01e8db9ca9ae/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f446f776e6c6f61642d76312e302e312d626c75653f7374796c653d666f722d7468652d6261646765)
![[IMG]](//proxy.spigotmc.org/bced7bc7004f35404bb6cc993f18ee7e36d566c8/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4769744875622d536f757263652d626c61636b3f7374796c653d666f722d7468652d6261646765266c6f676f3d676974687562)
![[IMG]](//proxy.spigotmc.org/d7311520920d93c04ef0076c08aca55c51368405/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f446973636f72642d537570706f72742d3732383964613f7374796c653d666f722d7468652d6261646765266c6f676f3d646973636f7264)
Stay secure!
- MBTH Studios Development Team
Stay secure!
- MBTH Studios Development Team
[HR][/HR]
Note: This update is mandatory for all servers running in cracked/offline mode. Premium-only servers are less affected but should still update for consistency and future-proofing.
Resource Information
Author:
----------
Total Downloads:
30
First Release:
Oct 4, 2025
Last Update:
Oct 29, 2025
Category:
---------------
All-Time Rating:
0 ratings
Version
-----
Released:
--------------------
Downloads:
------
Version Rating:
----------------------
-- ratings