Improper Message Integrity in Square Enix Final Fantasy XIV on Windows
CVE-2018-7295

8.1HIGH

Key Information:

Vendor
CVE Published:
23 May 2018

What is CVE-2018-7295?

The Final Fantasy XIV game client, specifically the ffxivlauncher.exe on Windows for versions 4.21 and 4.25, is susceptible to a vulnerability that allows a man-in-the-middle attacker to intercept communications. This occurs due to the session initiating with an insecure HTTP request to retrieve global.js before switching to a secure HTTPS connection. This flaw exposes user credentials during transmission, making it critical for users to update to Patch 4.3 to mitigate the risk.

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.