Trending Games | Pirate101 | ArcheAge | Wasteland 2 | Destiny

  Network:  FPSguru RTSguru
Login:  Password:   Remember?  
Show Quick Gamelist Jump to Random Game
Members:2,858,846 Users Online:0
Games:742  Posts:6,244,035
Artifact Entertainment | Official Site
MMORPG | Genre:Fantasy | Status:Final  (rel 12/08/03)  | Pub:Virtrium
Distribution:Download | Retail Price:Free | Pay Type:Subscription
System Req: PC | ESRB:TOut of date info? Let us know!

Istaria: Chronicles of the Gifted News - Client Vulnerability Report

Posted by Dana Massey on Oct 31, 2006  | 42 comments in our forums

EI Interactive's troubles continue. A report was filed on August 24th, 2006 and sent to EI Interactive and previous owners Tulga Games that chronicled all the ways their client was vulnerable to outside intruders, a source within the original development team confirms. They also notified MMORPG.com of this report.

After a 60 day moritorium without action, the report was released online today. EI Interactive then took their game servers offline and replaced the login screen with an new version as seen here. Since then, their servers have been up and down. It is unclear whether the vulnerabilities still exist based on today's action.

Horizons uses a SOAP API to interchange data/commands between the Application Server and several Clients. The API doesn't verify the source which does trigger functions, which opens up multiple abuse possibilities.

A vulnerability has been discovered in the Horizons SOAP API that allows an attacker to modify account and character information such as:

- change payment and subscription information
- create bogus/non-charged/unverified billings
- rename characters
- retrieve sensitive server/shard information
- activate/ban the account
- change account status like trial,
- add promotions (free, military, other promotions etc.)
- change/add keys

You can read the full report here.

Read more Exclusive News...

 
 
 
Leave this field empty
Post Your Comment:
Our Rating
7.1
User Rating: 6.8