Posted: Jan 21, 2021 in Minecraft
Security Alert! Earlier last week, a vulnerability with Dynmap was discovered when configured to use MySQL which allowed remote attackers to expose the database credentials when accessing a specific endpoint on the web-viewer.
Fortunately, the issue was quickly acted on by the developer of the plugin and a fix was rolled out.
We strongly urge all Dynmap users to update their plugin version to the latest security patch to avoid potential issues in the future.
To install the newest version, follow our FTP guide in order to delete the old version and upload the updated version: https://apexminecrafthosting.com/how-to-connect-via-ftp/
If you used Dynmap on the vulnerable builds and need to update your database passwords, head on over to the Control Panel here → Go to my server → MySQL Database → Change Password.
Then update your database password for all the plugins using MySQL.
In an effort to be proactive, any customer who was running a vulnerable Dynmap service using MySQL has been automatically detected and we’ve intervened to ensure that they’re now running the patched version. Those who had interventions will receive an intervention notice via email with information as to what steps to next take to secure their databases. We got your back!