Trending Games | World of Warcraft | Overwatch | Fallout 76 | Outer Worlds

    Facebook Twitter YouTube YouTube.Gaming Discord
Quick Game Jump
Members:3,824,132 Users Online:0
Artifact Entertainment | Official Site
MMORPG | Setting:Fantasy | Status:Final  (rel 12/08/03)  | Pub:Virtrium
Distribution:Download | Retail Price:Free | Pay Type:Subscription
System Req: PC | ESRB:TOut of date info? Let us know!

Client Vulnerability Report

Posted by Dana Massey on Oct 31, 2006  | Comments

Client Vulnerability Report -

EI Interactive's troubles continue. A report was filed on August 24th, 2006 and sent to EI Interactive and previous owners Tulga Games that chronicled all the ways their client was vulnerable to outside intruders, a source within the original development team confirms. They also notified of this report.

After a 60 day moritorium without action, the report was released online today. EI Interactive then took their game servers offline and replaced the login screen with an new version as seen here. Since then, their servers have been up and down. It is unclear whether the vulnerabilities still exist based on today's action.

Horizons uses a SOAP API to interchange data/commands between the Application Server and several Clients. The API doesn't verify the source which does trigger functions, which opens up multiple abuse possibilities.

A vulnerability has been discovered in the Horizons SOAP API that allows an attacker to modify account and character information such as:

- change payment and subscription information
- create bogus/non-charged/unverified billings
- rename characters
- retrieve sensitive server/shard information
- activate/ban the account
- change account status like trial,
- add promotions (free, military, other promotions etc.)
- change/add keys

You can read the full report here.

Avg. User Rating: 6.8
(834 Votes)