|
Dark Age of Camelot Weak Encryption Scheme
|
|
Secunia Advisory:
|
SA10429
|
|
|
Release Date:
|
2003-12-15
|
|
Popularity:
|
5,987 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Dark Age of Camelot
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
A weakness has been reported in Dark Age of Camelot, which may expose sensitive user information.
The problem is that Dark Age of Camelot has implemented an encryption scheme, which transmits enough information in clear text to allow malicious people, who can intercept traffic in transit, to decrypt any encrypted data. The encrypted data may include username, password, and credit card information.
A proof of concept exploit has been published, which can decrypt the data stream.
Reportedly only the North American version is affected as the European / Asian version communicate in a different way.
Solution:
Reportedly, version 1.66 live patch is not vulnerable.
Provided and/or discovered by:
Bryan Mayland
Todd Chapman
Original Advisory:
http://capnbry.net/daoc/daoc-billinginfo-exploit.html
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
