Results 1 to 3 of 3
  1. #1
    pr0ctor's Avatar
    Join Date
    Feb 2018
    Gender
    female
    Posts
    1
    Reputation
    10
    Thanks
    0

    Exclamation Servers & Clients fulnerable to remote code execution ?

    *vulnerable..

    Hi,

    this is more a technical question about the possibility itself and whether there is currently a high risk in starting CF.
    (Apart from the theoretical attack surface.)
    I am not interested in hacking the servers, more in protecting people from a possible security breach.

    According to some people you can DDOS other players ingame, without any other contact than being in the same lobby.
    Meaning you get their IP through the game itself.
    This would mean the servers are vulnerable to leaking IPs, spinning this ahead we could reach command sending to other clients and in the end remote code execution (by using the buffer overflow of your choice in the command parser of CF). While the CF process is running as Administrator...

    A friend of mine had his epic games ID & Password written in the (crossfire) lobby chat without any interaction.
    Is this a thing or just a rumor with a bad timing of a friend having probably done something wrong ?
    Last edited by pr0ctor; 02-13-2018 at 07:33 AM. Reason: vulnerable

  2. #2
    critikal17's Avatar
    Join Date
    Jul 2017
    Gender
    male
    Location
    Your bitch's house
    Posts
    146
    Reputation
    10
    Thanks
    45
    My Mood
    Daring
    Sounds like your friend has done something wrong. A security bug that big would've been found ages ago.
    Contact me on skype if you need something programmed


  3. #3
    quanschink's Avatar
    Join Date
    Jul 2011
    Gender
    male
    Posts
    365
    Reputation
    10
    Thanks
    36
    My Mood
    Sneaky
    this risk is too big to get unnoticed by z8games, your friend must be joking.

Similar Threads

  1. Replies: 0
    Last Post: 10-05-2013, 11:58 AM
  2. Replies: 12
    Last Post: 05-29-2010, 05:50 AM
  3. Replies: 0
    Last Post: 10-13-2008, 09:24 PM
  4. Replies: 0
    Last Post: 09-01-2008, 08:28 PM
  5. Replies: 0
    Last Post: 03-25-2008, 12:31 PM