All a player has to do is /me @a to list every player in the game.
Do @a several times to make an even longer list. If you have a lot a players on the server, the resulting string will be too large and will disconnect everyone from the server unless they have their multiplayer chat settings set to HIDDEN. This is a severe exploit and needs to be fixed.
@a already doesn't work when you're whispering someone. It needs to be expanded to /me.
We had to whitelist our whole server (8664 players, which I had to pull from the scoreboard.dat) to stop this, because players are coming in waves just to wreak havoc on vanilla. Please patch. Thanks
PS Please hurry because undesirable characters are already spreading this easy mayhem around, and vanilla servers have no plugins to stop it:
http://www.hackforums.net/showthread.php?tid=3963589
How is this "unconfirmed"? Join any Vanilla server with 20+ members and type /me @a @a @a @a
Watch everyone, including yourself, get disconnected