WEB-727

Security Issue: Mojang.com doesn't use encrypted connection (HTTPS) by default

Resolved

Fixed

The issue

When you literally only enter the URL mojang.com (which is technically http://mojang.com), the encrypted Mojang site (https://mojang.com) won't automatically be used.

Effects

This opens up the possibility for hackers and eavesdroppers to manipulate the content of the site and spy on users of the unencrypted http://mojang.com site.

_{Tags: redirect, redirection}

Comments 0

No comments.

Reporter: Swekob

Assignee: web

Created: 2017-02-23T10:49:52Z

Updated: 2025-02-25T18:47:53Z

Resolved: 2017-04-03T12:53:56Z

Confirmation Status:

Components:

Labels: encryption, http, https, privacy, redirection, security, url

Retrieved 2025-09-15T07:48:42Z