Vulnerabilities > CVE-2018-7295 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Square-Enix Final Fantasy XIV 4.21/4.25
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |