Improper Message Integrity in Square Enix Final Fantasy XIV on Windows
CVE-2018-7295
8.1HIGH
What is CVE-2018-7295?
The Final Fantasy XIV game client, specifically the ffxivlauncher.exe on Windows for versions 4.21 and 4.25, is susceptible to a vulnerability that allows a man-in-the-middle attacker to intercept communications. This occurs due to the session initiating with an insecure HTTP request to retrieve global.js before switching to a secure HTTPS connection. This flaw exposes user credentials during transmission, making it critical for users to update to Patch 4.3 to mitigate the risk.
