In the US version of the MMORPG TERA there seems to have been a huge security gap for years. Now, it has been made public by clever players. The chat is currently disabled.
Apparently, it has been possible for years to abuse the general chat of TERA to send malware. A group of players has discovered that there was a catastrophic vulnerability.
This vulnerability could have been exploited by malicious individuals for all sorts of nefarious deeds, such as obtaining players’ IP addresses and then remotely triggering viruses or other malware.
Chat temporarily disabled – Developers learned of the gap on Reddit
The US operator of TERA, En Masse, has reacted to this discovery and temporarily disabled the chat in TERA. All chat functions except for guild chats are currently suspended.
In a statement, En Masse said: They learned about this vulnerability, like most users, through the official Discord and through a post on the subreddit. The developers were immediately notified about this vulnerability, and they addressed the issue with the utmost urgency.
Allegedly, no one exploited this gap for nefarious purposes
They take the risks of this vulnerability seriously, but currently, there is no evidence that anyone has exploited this vulnerability and user data has been compromised.
The public discussion surrounding this vulnerability in TERA’s community forums has some spicy elements: There is a disagreement in the forums about how much of the technical details may be made public. Posts have been deleted and accounts banned, out of fear that someone might distribute instructions on how to exploit the vulnerability.
The thanks from En Masse to the community is more directed towards the moderators and community ambassadors, who forwarded and then deleted the post, rather than to the finders of the vulnerability itself.
It is reasonable to assume: En Masse would have preferred if this vulnerability had not been posted in forums but rather communicated to them privately.
If you dare to venture into TERA despite all the problems, we recommend these guides for starting out:
