Servers & Clients vulnerable to remote code execution?
This is more a technical question about the possibility itself and whether there is currently a high risk in starting CF.
(Apart from the theoretical attack surface.)
I am not interested in hacking the servers, more in protecting people from a possible security breach.
According to some people, you can DDoS other players in-game without any other contact than being in the same lobby.
Meaning you get their IP through the game itself.
This would mean the servers are vulnerable to leaking IPs; spinning this ahead, we could reach command sending to other clients and, in the end, remote code execution (by using the buffer overflow of your choice in the command parser of CF). While the CF process is running as Administrator...
A friend of mine had his Epic Games ID & password written in the (CrossFire) lobby chat without any interaction.
Is this a thing, or just a rumor with the bad timing of a friend having probably done something wrong?
Last edited by pr0ctor; 02-13-2018 at 07:33 AM.