Serious Security Vulnerability in Runescape

published on 2014-04-16 11:22:00 UTC by Trojan7Malware
Content:
I recently found a serious security issue with Jagex (who own the world's most popular MMORPG, Runescape).

This security issue arises when a customer wants to cancel their membership. Jagex asks you to send them PLAINTEXT credit card details via EMAIL. Yes, you read correctly. Plaintext credit card information, potentially the most personal information, via email.



This can become a major issue in many situations. I will list a few. If the Runescape/Jagex mail servers and/or support desk are hacked, a malicious hacker can read all these emails from people sending in their plaintext information. The other, more likely issue is that a customer's email is breached via malware or phishing (yes, there are targeted attacks on Runescape players), and now that hacker has access to the customer's credit card details.

How can Jagex fix this?
Jagex could easily fix this by automating the process of cancelling. For example, card number 1234 is linked with the username Person; when Person clicks on the cancel subscription link, it automatically stops requesting payments. This is basically what they're already doing, but making people send plaintext credit card details. The current procedure may breach data protection laws (UK); I'm not 100% sure about that. Regardless, this is a major vulnerability in Jagex's payment processing method.
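The cancellation flow proposed above, as an added example (not code from the original post or from Jagex): the request is tied to the logged-in account and a stored processor token, so no card number is ever requested, and any card number a customer pastes into the free-text reason is masked before it is stored. `SUBSCRIPTIONS`, `cancel_subscription`, `redact_pans` and the token value are hypothetical names and constructed data.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally split by spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def redact_pans(text: str) -> str:
    """Mask Luhn-valid card numbers in free text, keeping only the last four digits."""
    def mask(m):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            return "[card ending " + digits[-4:] + " removed]"
        return m.group()  # not a card number: leave untouched
    return PAN_RE.sub(mask, text)

@dataclass
class Subscription:
    card_token: str      # opaque processor reference, never the card number itself
    active: bool = True

# Constructed sample data: the account "Person" from the post's example.
SUBSCRIPTIONS = {"Person": Subscription(card_token="tok_constructed_1234")}

def cancel_subscription(session_user: str, reason: str = "") -> dict:
    """Cancel for the authenticated account; identity comes from the session."""
    sub = SUBSCRIPTIONS.get(session_user)
    if sub is None:
        raise KeyError("no subscription for this account")
    sub.active = False   # idempotent: cancelling twice leaves it cancelled
    return {"user": session_user, "active": sub.active, "reason": redact_pans(reason)}

def accounts_to_bill() -> list:
    """Accounts the next billing run will charge: active subscriptions only."""
    return [user for user, sub in SUBSCRIPTIONS.items() if sub.active]
```
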








Disclaimer: Yes, I have emailed Jagex several times about this without any human response (only the automated ones). They did not seem interested in patching this, so I hope a little public pressure will.

Article: Serious Security Vulnerability in Runescape - published over 10 years ago.

http://trojan7malware.blogspot.com/2014/04/serious-security-vulnerability-in.html   
Published: 2014 04 16 11:22:00
Received: 2021 06 06 09:05:03
Feed: Trojan7Malware
Source: Trojan7Malware
Category: Cyber Security
Topic: Cyber Security