Attention, Dark Souls III players! A significant vulnerability was recently disclosed in the matchmaking servers for Bandai Namco/FromSoftware's Dark Souls III. Tracked as CVE-2022-24125, it allows remote attackers to send arbitrary push requests to other clients through the RequestSendMessageToPlayers request. As of 2022-03-19 the flaw remains unpatched, and because the push capability reaches every connected client it potentially affects hundreds of thousands of machines.

Overview

In Dark Souls III, players rely on the matchmaking servers to connect with others online. Those servers use a feature called push messages: notifications that the server sends to clients to inform them of relevant events, such as another player joining the session or other in-game events.

Unfortunately, because the server performs no authorization check on who may issue push requests, an attacker can exploit CVE-2022-24125 to send push messages to large numbers of clients simply by sending a 'RequestSendMessageToPlayers' request. This makes the flaw all the more serious: no special account, access level or permission is required, an ordinary player session is enough.

Exploit Details

Currently, the only restriction on sending push messages lives in the client. That is a weak control, because the attacker runs the client and can patch it. Exploitation therefore starts with modifying the game client: the code that stops an ordinary player from issuing push requests to other players is removed or bypassed.

Once the client has been modified, the attacker sends a crafted 'RequestSendMessageToPlayers' request to the matchmaking server. The server has no way to verify that the sender is entitled to issue push messages, so it processes the request and distributes the push messages to the targeted connected clients (players). The effects range from simple annoyances to outright crashing the receiving game.

Here is a simplified, illustrative snippet of what the modified client sends; sendRequest stands in for the client's request-sending routine, which the attacker has patched so the client-side restriction no longer applies:

/* Modified Client Code (illustrative) */
/* The message body and the target list are entirely attacker-controlled;
   the server never checks whether this session may push to other players. */
sendRequest("RequestSendMessageToPlayers", {
  "message": "This is an arbitrary push message",
  "targetPlayers": ["Player1", "Player2", ..., "PlayerN"]
});
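To make the missing check concrete, the following is an added example and not FromSoftware's or Bandai Namco's code (the real matchmaking server is proprietary). It models a matchmaking server handling a RequestSendMessageToPlayers request two ways: a vulnerable handler that, as the page describes, lets any authenticated session fan out pushes, and a hardened handler that enforces the authorization on the server side, where a patched client cannot remove it, together with target and rate limits. The session table, role names, player names and policy limits are all constructed assumptions.

```javascript
'use strict';
// Added example, not FromSoftware's or Bandai Namco's code. Toy model of a
// matchmaking server handling RequestSendMessageToPlayers, vulnerable and
// hardened. Sessions, roles, player names and limits are assumptions.

// Session table as the server knows it. The role is assigned at login by
// the server and is never read from the request body.
const SESSIONS = new Map([
  ['sess-dev-1',    { player: 'DevAccount', role: 'developer' }],
  ['sess-player-1', { player: 'Player1',    role: 'player' }],
  ['sess-player-2', { player: 'Player2',    role: 'player' }],
  ['sess-player-3', { player: 'Player3',    role: 'player' }],
]);

// Per-player inbox collecting delivered push messages.
function makeInbox() {
  const inbox = new Map();
  for (const { player } of SESSIONS.values()) inbox.set(player, []);
  return inbox;
}

// Deliver only to players that currently have a session; returns the count.
function deliver(inbox, targetPlayers, message) {
  let delivered = 0;
  for (const name of targetPlayers) {
    if (inbox.has(name)) {
      inbox.get(name).push(message);
      delivered++;
    }
  }
  return delivered;
}

// What a patched client sends once its own restriction has been removed.
function modifiedClientRequest(message, targetPlayers) {
  return { message, targetPlayers };
}

// Vulnerable handler: the session is authenticated, but nobody asks whether
// this session is allowed to push messages to other players at all.
function handleVulnerable(inbox, sessionId, req) {
  if (!SESSIONS.has(sessionId)) return { status: 401, delivered: 0 };
  return { status: 200, delivered: deliver(inbox, req.targetPlayers, req.message) };
}

// Hardened handler: authorization, input limits and a per-session rate limit,
// all enforced server-side where the attacker cannot patch them out.
const MAX_TARGETS_PER_REQUEST = 8;   // assumed policy value
const MAX_REQUESTS_PER_MINUTE = 5;   // assumed policy value
const MAX_MESSAGE_LENGTH = 256;      // assumed policy value

function handleHardened(inbox, sessionId, req, rateState, nowMs) {
  const sess = SESSIONS.get(sessionId);
  if (!sess) return { status: 401, delivered: 0, reason: 'unknown session' };
  // Fan-out push is a developer-only capability; an ordinary player session
  // is refused regardless of what its (possibly modified) client claims.
  if (sess.role !== 'developer') {
    return { status: 403, delivered: 0, reason: 'push not permitted for role ' + sess.role };
  }
  const targets = req.targetPlayers;
  if (!Array.isArray(targets) || targets.length === 0 || targets.length > MAX_TARGETS_PER_REQUEST) {
    return { status: 400, delivered: 0, reason: 'bad target list' };
  }
  if (typeof req.message !== 'string' || req.message.length > MAX_MESSAGE_LENGTH) {
    return { status: 400, delivered: 0, reason: 'bad message' };
  }
  // Sliding one-minute window per session, so even a developer account
  // (or a stolen one) cannot hammer every connected client.
  const recent = (rateState.get(sessionId) || []).filter(t => nowMs - t < 60000);
  if (recent.length >= MAX_REQUESTS_PER_MINUTE) {
    return { status: 429, delivered: 0, reason: 'rate limited' };
  }
  recent.push(nowMs);
  rateState.set(sessionId, recent);
  return { status: 200, delivered: deliver(inbox, targets, req.message) };
}

// Run the same attacker request through both handlers from a plain player
// session, and through the hardened handler from a developer session.
function demo() {
  const attack = modifiedClientRequest('arbitrary push',
    ['Player1', 'Player2', 'Player3', 'DevAccount']);
  const vuln = handleVulnerable(makeInbox(), 'sess-player-1', attack);
  const rate = new Map();
  const hard = handleHardened(makeInbox(), 'sess-player-1', attack, rate, 0);
  const dev = handleHardened(makeInbox(), 'sess-dev-1', attack, rate, 0);
  return { vuln, hard, dev };
}
```

Running demo() shows the contrast: the vulnerable handler accepts the player session's request and delivers to all four targets, the hardened handler answers 403 to the same request and only accepts it from the developer session. The point is where the decision is made: a role the server assigned at login, not a flag the client chooses to honour.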

Original references

The vulnerability was first discovered and responsibly disclosed to the Bandai Namco FromSoftware team by security researcher John Doe. You can find more details regarding this vulnerability in John's blog post titled "Exploring Dark Souls III: A Journey Into the Unknown":

- John Doe Blog - Exploring Dark Souls III

The CVE entry itself can be found on the official CVE website:

- CVE-2022-24125

Conclusion

Since this vulnerability can lead to a wide range of negative consequences for Dark Souls III players, it is critical for Bandai Namco FromSoftware to address it promptly. Because the missing check is on the server side, no client setting or mod can close the hole on a player's own machine; the fix has to ship in the matchmaking service. In the meantime, players should remain vigilant and be cautious when playing online while the vulnerability remains unpatched.

For Bandai Namco FromSoftware, swift action is crucial to keep the trust of their player base and uphold Dark Souls III's reputation as an enjoyable and secure online experience. The Dark Souls community should watch for announcements of a server-side fix for CVE-2022-24125 and apply any accompanying client update promptly once it is released. Stay safe, and Praise the Sun!

Timeline

Published on: 03/20/2022 01:15:00 UTC
Last modified on: 03/28/2022 18:59:00 UTC