Digital Video Forums

Go Back   Digital Video Forums > General > Latest News

LinkBack Thread Tools Rate Thread Display Modes
Old 10 Feb 2017, 03:32 PM   #1
admin's Avatar
Join Date: Nov 2001
Posts: 8,505
Default Game Protection Company Denuvo Fails to Protect Their Own Website

An oversight by game protection provider Denuvo has allowed anyone, including game crackers, to access sensitive files stored on Denuvo's website.

Several provide directories on the Denuvo website appears to have lost their protection, or were never properly protected in the first place, and it has allowed anyone with a web browser to download and view the private files.

Instead of password protecting these private directories, many did not even have the "directory listing" feature disabled, which is usually the first thing server admins turn off when setting up a new website. With directory listing turned on, anyone can browse the contents of any directory that doesn't automatically direct to a web viewable file (such as index.html).

Once the flaw was discovered, many were quick to explore just what is on Denuvo's website, and some interesting files were discovered. One file, which appears to be a mail log (ajax.log), contained customer service emails dating back to 2014. These emails include conversations with game publishers such as Capcom and even Google, with these companies asking for more information on Denuvo's DRM-but-not-DRM products.

The log also contained emails from angry pirates, demanding to know why the company was keen to "f*** over pc gamers with DRM bullsh**" (sic).

More worryingly, the log also contains unencrypted private information, such as emails and phone numbers, for companies working with or interested in working with Denuvo.

Other files discovered include logs for the website itself, plus executables, one of which was a slide presentation detailing the company various security products.

At the time of writing, it appears the web admin team at Denuvo has already wised up to the potential security breach and, at the very least, turned off directory listings, and also deleted some of the more sensitive files, such as the ajax.log mail log file.
Visit Digital Digest and, My Blog
admin is offline   Reply With Quote


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Denuvo Game DRM On Shaky Ground, Defeated By Zombie Horde admin Latest News 0 1 Feb 2017 05:17 PM
Denuvo Confident of Winning 'Cat and Mouse' Game against Pirates admin Latest News 0 22 Oct 2016 07:01 PM
X-PROTECT blue: A New Copy Protection for Blu-ray Disc Released admin Latest News 0 14 Jul 2008 10:07 PM

All times are GMT +10. The time now is 04:05 AM.

Kirsch designed by Andrew & Austin

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.6.0
Copyright © 1999 - 2011 Digital Digest

Visit DivXLand   Visit