TERA's Chat System Reportedly Leaves Game Open For Exploits

QuintLyn Bowers
By QuintLyn Bowers, News Editor
Share:


**UPDATE** Nov. 13

Although not explicitly stated by En Masse, it appears that the hotfix did go through on the 11th and chat has been returned to normal. That said, players logging on after the hotfix have noted that their personal settings for the game have been undone. So, just to be on the safe side, you might want to turn your volume down before logging into the game.

**UPDATE** Nov. 10

En Masse Entertainment posted a response to this later in the day yesterday stating that they are "taking these claims very seriously, but as of this time, [they] have no evidence" that the exploit is being used in the way described or that it's compromised player information.

In the meantime, they've applied a patch that will prevent all chat except guild chat as a precaution while they investigate.

**Original Post** Nov. 9

Using chat in TERA may not be the safest thing to do. No, I don't mean due to general toxic community behavior. Rather, I mean that it can apparently be exploited by players due to the fact that it uses HTML.

Recently Redditor Gosukek made note of the fact that the way En Masse Entertainment handles the game's chat leave players open to a wide variety of questionable activity. These include things like sending clickable links or external images -- even on megaphone. This means that every connected client opens images, whether the chat is visible or not; something which could result in less savory people having access to everyone's IP address.

Other alleged activities believed to be allowed would be to crash people's clients using the whisper feature, or even by spamming it in global. And even more nefarious, someone could possibly delete other player's characters or items, although Gosukek refrained from explaining exactly how that works.

The document Gosukek put together also references Remote code execution, stating:

"Remote code execution This is the big one, if you skip past everything else PLEASE READ THIS. Due to several factors that I will not go into detail with, there is a very real possibility that this could be used to remotely execute code on clients computers. This means the potential for this to be used to spread malware, viruses, keyloggers, all kinds of juicy shit, is VERY REAL and VERY VERY VERY VERY VERY F* SERIOUS. This is a HUGE deal and I cannot f* state that enough. This is beyond a simple data breach and the fact that it has been swept under the rug is appalling (I will talk about this more in the drama section). I know that this is scary, but you should be f* scared, this is potentially a very serious issue. I have not tested it myself as it's 2spooky even for me, however by all accounts it should work."

Needless to say, if true, there appears to be a lot of risks associated with using the TERA in-game chat, and apparently there's not a whole hell of a lot you can do about this -- unless you want to make use of tera-proxy as a mode of protection. But let's just say that option is ethically questionable. Not that this matters to everyone since the whole banning incident back in May.

However, just in case there is a solution in the works, we have reached out to En Masse Entertainment for comment (in addition to the post they already made.) Should they respond, we will update this post. In the meantime, you can read Gosukek's writeup on the issue and check out any comments on the Reddit post.

Share:
Got a news tip? Contact us directly here!

In this article: TERA, En Masse Entertainment.

About the Author

QuintLyn Bowers
QuintLyn Bowers, News Editor
QuintLyn is a long-time lover of all things video game related will happily talk about them to anyone that will listen. She began writing about games for various hobby sites a little over ten years ago and has taken on various roles in the games community.

Discussion (1)

Preciel 5 years ago
there are still people not avoiding enmasse? lmao


Read Next

Dreadnought Makes It Easier To Fight -- And Keep Fighting -- With Friends

Dreadnought Makes It Easier To Fight -- And Keep Fighting -- With Friends

Update 1.9.5 for the open beta of Dreadnought has just gone live for PC players.

By Jason Winter - 5 years ago

You May Enjoy

Fortnite’s iOS Version Is About To Become Even Worse

Fortnite’s iOS Version Is About To Become Even Worse

At the end of the month, they’ll no longer allow players to spend V-Bucks.

By QuintLyn Bowers - 1 week ago
FFXIV’s Director & Producer Naoki Yoshida Says He’s “Really Looking Forward” To The MMORPG Blue Protocol

FFXIV’s Director & Producer Naoki Yoshida Says He’s “Really Looking Forward” To The MMORPG Blue Protocol

Several experienced people from the FFXIV Team are also now working on Blue Protocol.

By Aspen Pash - 1 day ago
Tower Of Fantasy Introduces A New Special Forces Agent In Next Week's Update

Tower Of Fantasy Introduces A New Special Forces Agent In Next Week's Update

Alyss, codename M-sec 2000 can transform into a fairy for infiltration purposes.

By QuintLyn Bowers - 5 days ago
Breaking From Typical MMORPGs: Looking Back At Broken Ranks One Year Later

💣 Feature | Breaking From Typical MMORPGs: Looking Back At Broken Ranks One Year Later

A lot can change in a year, but has Broken Ranks hit its stride yet?

By Troy Blackburn - 1 week ago
Microsoft Claims Sony Created A False Narrative To Try And Dissuade EU Regulators Concerning The Acquisition of Activision Blizzard

Microsoft Claims Sony Created A False Narrative To Try And Dissuade EU Regulators Concerning The Acquisition of Activision Blizzard

“It would defy business logic for us to exclude PlayStation.”

By Aspen Pash - 1 day ago
RUMOR: Insider Believes Rumbleverse Will Reportedly Shut Down At The End Of February

RUMOR: Insider Believes Rumbleverse Will Reportedly Shut Down At The End Of February

Take a hefty grain of salt with this one.

By Anthony Jones - 1 day ago