Status of Potential Chat Vulnerability

We were recently made aware of a potential vulnerability related to in-game chat. We learned about this the same way that many of you did, through our official Discord and a post made to the TERA subreddit yesterday which was promptly removed by the moderators there. We greatly appreciate those community and player council members who took efforts to quickly report this to us.

The developers of TERA were immediately made aware of the vulnerability and they are exploring an appropriate course of action with the highest urgency. While they do so, the team at En Masse is continuing to investigate and assist the developers in any way possible.

There are very serious claims floating around of what this vulnerability potentially allows malicious users to do. We are taking these claims very seriously but, as of this time, we have no evidence that the vulnerability is being exploited in these ways or that any player information has been compromised.

Please remember that posting about 3rd party software, hacks, or exploits is against the forum rules. With your continued support we can help prevent the spread of information that may aid users with malicious intent to exploit this or any other vulnerability or source tools that would facilitate it. If you have any information that may be valuable to our continued investigation of this, please PM our staff on the forums directly.

We will provide further updates on this vulnerability once we have more information.

Comments

  • We're going to be taking a maintenance at 5:30 p.m. PST today to apply a change that will prevent all chat EXCEPT guild chat. This is being done as a precautionary measure while En Masse and Bluehole investigate the vulnerability discussed in my previous post further. Expected downtime is about an hour.
  • Servers are back up.
  • We will be running an emergency maintenance on 11/11 at 8 a.m. PST. Expected downtime is approximately two hours.

    During this maintenance, we’ll be deploying a hotfix for a chat-related vulnerability that allowed the posting of images external to the TERA client in chat. All chat channels will be re-enabled following this maintenance.
  • The TERA servers will be down for maintenance on 11/14 starting at 8 a.m. PST. Expected downtime is approximately two hours.

    During this maintenance, a hotfix will be deployed to further address chat-related vulnerabilities, including disabling most usable HTML tags, the removal of the ability to post images local to the client in chat, and a client crash issue related to item-linking.
This discussion has been closed.