News Section Logo NEWS - Return to news section

 

Game Protection Company Denuvo Fails to Protect Their Own Website

Posted by: , 15:32 AEDT, Fri February 10, 2017

Permanent Link     Add Comments
submit to reddit
Denuvo helps protect games but failed to offer even basic protection for their own website
News story feature image

An oversight by game protection provider Denuvo has allowed anyone, including game crackers, to access sensitive files stored on Denuvo's website.

Several provide directories on the Denuvo website appears to have lost their protection, or were never properly protected in the first place, and it has allowed anyone with a web browser to download and view the private files.

Instead of password protecting these private directories, many did not even have the "directory listing" feature disabled, which is usually the first thing server admins turn off when setting up a new website. With directory listing turned on, anyone can browse the contents of any directory that doesn't automatically direct to a web viewable file (such as index.html).

Once the flaw was discovered, many were quick to explore just what is on Denuvo's website, and some interesting files were discovered. One file, which appears to be a mail log (ajax.log), contained customer service emails dating back to 2014. These emails include conversations with game publishers such as Capcom and even Google, with these companies asking for more information on Denuvo's DRM-but-not-DRM products.

The log also contained emails from angry pirates, demanding to know why the company was keen to "f*** over pc gamers with DRM bullsh**" (sic).

More worryingly, the log also contains unencrypted private information, such as emails and phone numbers, for companies working with or interested in working with Denuvo.

Other files discovered include logs for the website itself, plus executables, one of which was a slide presentation detailing the company various security products.

At the time of writing, it appears the web admin team at Denuvo has already wised up to the potential security breach and, at the very least, turned off directory listings, and also deleted some of the more sensitive files, such as the ajax.log mail log file.


Comments:

Related News:

News Icon Denuvo Confident of Winning 'Cat and Mouse' Game against Pirates

posted by: Sean F, 10:34 AEDT, Sun October 23, 2016

News Icon 'DRM doesn't work and makes our games worse', says Game Devs

posted by: Sean F, 15:32 AEDT, Sat October 22, 2016

News Icon Denuvo Game DRM On Shaky Ground, Defeated By Zombie Horde

posted by: Sean F, 17:17 AEDT, Wed February 1, 2017

News Icon Capcom Releases, and Then Pulls Street Fighter v Anti-Crack Patch

posted by: Sean F, 16:54 AEST, Thu September 29, 2016

News Icon GOG Gives Gamers Option to Redeem DRM-Free Copy of Their Steam Games

posted by: Sean F, 14:38 AEST, Sat June 4, 2016