Описание
ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
8.1 High
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3.
EPSS
8.1 High
CVSS3
4.3 Medium
CVSS2