Jump to content
goosedeuce

Potential Account Security Vulnerability

Recommended Posts

goosedeuce

Hello, I submitted a support ticket with this information inside of it, but I haven't received a response and want to make sure that this doesn't get lost as it is potentially indicative of an account security vulnerability.

Today I was in game sorting things in my inventory when I received a popup notification saying that my friend request had been accepted.  This was odd because I had not sent any friend requests.  I opened my notifications and there was a message from a player that I have no connection to and sure enough they are also listed on my friends list.  I never sent any friend request.  I immediately deleted them, logged off my account, and updated my security information, and then submitted a support ticket.  I searched my logs and found that a friend request was initiated from my client, and that that request was accepted by this user.  I did not send this friend request, which means that this request was somehow initiated from my client without me sending the command to do so.  This potentially indicates a security vulnerability.  While what happened in this scenario was rather benign, what if any backend request can be remotely initiated by someone who has manage to trigger server requests as your client?  Has anyone else experienced this?  I just wanted to bring awareness to this in case this is indicative of something more serious.  Thank you for your time.

From my Log File:

Request that was sent from MY backend, without my knowledge:

2020-07-10 10:22:09.553 -04:00|0.12.6.8026|Info|backend|---> Request  URL: https://prod.escapefromtarkov.com/client/friend/request/send:


2020-07-10 10:22:09.729 -04:00|0.12.6.8026|Info|backend|<--- response URL: https://prod.escapefromtarkov.com/client/friend/request/send, time: 0.175 seconds:

 

Whoever that request was sent to accepts this request, I check my notifications and see message from this player and their name has been added to my friends list:

2020-07-10 10:23:07.439 -04:00|0.12.6.8026|Info|backend|---> Request  URL: https://prod.escapefromtarkov.com/client/mail/dialog/info:

2020-07-10 10:23:07.588 -04:00|0.12.6.8026|Info|backend|<--- response URL: https://prod.escapefromtarkov.com/client/mail/dialog/info, time: 0.147 seconds:

 

As I did not initiate this and it is signaling alarms in my head, I remove this player from my friends list:

2020-07-10 10:23:15.269 -04:00|0.12.6.8026|Info|backend|---> Request  URL: https://prod.escapefromtarkov.com/client/friend/delete:

2020-07-10 10:23:15.446 -04:00|0.12.6.8026|Info|backend|<--- response URL: https://prod.escapefromtarkov.com/client/friend/delete, time: 0.175 seconds:

 

I log out of my account and submit support ticket on EFT website:

2020-07-10 10:24:59.298 -04:00|0.12.6.8026|Info|backend|---> Request  URL: https://prod-01.escapefromtarkov.com/client/game/logout:

2020-07-10 10:24:59.476 -04:00|0.12.6.8026|Info|backend|<--- response URL: https://prod-01.escapefromtarkov.com/client/game/logout, time: 0.177 seconds:

 

Share this post


Link to post
Share on other sites
fuomag9

Sounds like a CSRF to me

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...
b38e7c858218a416ef714554dce933a2