Categories
World of Warcraft

Blizzard Authenticator Exploit

Today I decided to warn Blizzard about the security flaw in their “Blizzard Authenticator” implementation.

As a couple of you know already (literally a couple) I have found a way to bypass it. Should a hacker find the same method I discovered, it would make those authenticators close to useless.

For the moment Blizzard decided just to ignore me, which is eventually making me upset.

I don’t know as of now if or when I will disclose the news to the public, but if Blizzard keeps ignoring me that shall happen soon. Very, very soon.

Update: it seems that my last comment (and one of the repliers) have been just trashed. Total replies: 2, only comment visible: mine. Oh, Blizz, that’s a no-no.

Update #2: They eventually answered and showed it all back. Stay tuned. Moar updates soon.

2 replies on “Blizzard Authenticator Exploit”

I’ve been thinking quite every day for the past weeks wether or not I should disclose to public, and especially when to…

I’ve been asked to wait, to let blizzard fix the problem or reply to me before releasing to the public.

On the other hand, just as it’s written in the automatical response, an answer could never be sent to me. Also, by releasing to the public I could provide a workaround for the matter.

I believe that in a day or two I will disclose it though, mabye even in a few hours.

In the end I just didn’t wanted to rush without thinking upon it a few gazillion times.