PTR Security Advisory: Cereus Poker Network uses weak encryption


Game Security

Cereus Poker Network uses weak encryption, poor security practices
Release Date: 2010-05-06
Last Update: 2010-05-06
Severity: Critical
Impact: Exposure of sensitive information
Where: Network access required
Solution Status: None
Poker Sites: Absolute Poker, Ultimate Bet

Description:
The Cereus poker network uses a weak XOR-based encryption mechanism for all network transmissions instead of industry-standard SSL. The encryption key can be easily identified from a network dump and used to decrypt all information transmitted between the client application and the Cereus servers.

In our lab we are able to intercept and decode the user's login name (e-mail address) and receive an MD5 hash of their password, as well as their seat number and hole cards. Once the MD5 password hash has been intercepted, we've been able to log in using the intercepted login name by overwriting the outgoing login packet with the intercepted MD5 hash, thus logging into the victim's poker account remotely and without their knowledge.

We've also been able to remotely display all seat numbers and hole cards on a compromised network.

All proofs of concept have been shown to work over a compromised WPA2-encrypted wireless network as well as over unencrypted wireless networks and with physical network access (through a hub, an ARP man-in-the-middle attack, or otherwise).
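To show why the design described above fails, here is an added example in Python (not PTR's withheld proof of concept and not the Cereus protocol): a toy repeating-key XOR scheme over packets that all begin with a constructed fixed header. Because ciphertext XOR known plaintext equals the keystream, and a repeating key is its own keystream, a single captured packet with a predictable header reveals the session key, and every other packet in the session then decrypts with it; the header, key and packet contents below are all constructed assumptions, and a transport that uses TLS, as the advisory recommends, does not share this property.

```python
from itertools import cycle
from typing import List, Optional
import hashlib

# Constructed values for the toy: a fixed 8-byte per-packet header and an
# 8-byte session key. Neither is the real Cereus format or key.
HEADER = b"CPN\x00\x01\x00\x00\x00"
KEY = bytes.fromhex("5a3c9e17b0d4f281")

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; encrypting and decrypting are the same operation."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def build_session() -> List[bytes]:
    """Constructed sample capture: a login packet carrying an MD5 password
    hash, then a hand-state packet, both under the same session key."""
    pw_hash = hashlib.md5(b"hypothetical-password").hexdigest().encode()
    login = HEADER + b"LOGIN player@example.com " + pw_hash
    hand = HEADER + b"SEAT 3 HOLE As Kd"
    return [xor_bytes(p, KEY) for p in (login, hand)]

def recover_key(captured: List[bytes], header: bytes,
                max_len: int = 32) -> Optional[bytes]:
    """Known-plaintext key recovery. ciphertext XOR plaintext gives the
    keystream, and a repeating key IS its keystream, so the known header of
    one packet yields every candidate key up to len(header) bytes. A
    candidate is accepted only when it also makes a second packet decrypt
    to the same header, which rules out shorter false positives."""
    if len(captured) < 2:
        return None
    first, second = captured[0], captured[1]
    for n in range(1, min(max_len, len(header)) + 1):
        candidate = bytes(c ^ p for c, p in zip(first[:n], header[:n]))
        if xor_bytes(second, candidate).startswith(header):
            return candidate
    return None

def decrypt_session(captured: List[bytes], key: bytes) -> List[bytes]:
    """Every packet in the capture falls to the one recovered key."""
    return [xor_bytes(p, key) for p in captured]

if __name__ == "__main__":
    capture = build_session()
    key = recover_key(capture, HEADER)
    assert key == KEY, "toy key recovery failed"
    for packet in decrypt_session(capture, key):
        print(packet[len(HEADER):].decode())
```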

Solution

The vendor has been notified of the vulnerability and advised to upgrade their software to use the free, open-source OpenSSL library. No solution is available from Cereus as of yet.

User Recommendations

PTR recommends that you discontinue using the Cereus network until this issue is addressed.

If you continue to play on Cereus, PTR recommends that you physically plug into your modem and bypass any switch, router, wireless network or other network device. We do not recommend playing on any unknown network connection.

Proof of concept

Withheld pending a response from Cereus, to be publicly released one week after notifying Cereus.

2010-05-06 Update: Cereus has acknowledged the issue and is working towards a solution; we will withhold the source to give them time to implement it.

Changelog

2010-05-06: Issue originally reported; Cereus network notified.
2010-05-06: Cereus responds and appears to be taking the issue seriously: http://www.pokertableratings.com/blog/2010/05/cereus-poker-security-response/




Comments

  1. Darki
    Darki on 05/06/2010 6:49 p.m.

    first!!! sick news good work ptr

  2. sum418084
    sum418084 on 05/06/2010 7:56 p.m.

    hence XBLINK?

  3. jalexand42
    jalexand42 on 05/06/2010 8:30 p.m.

    NO ONE should play on Cereus at this point; anyone working for an ISP could intercept this data now that you've made the technical mechanism public. You are still very vulnerable regardless of being plugged in hard-wired.

    Great find.

  4. RedBloch
    RedBloch on 05/06/2010 10:02 p.m.

    mother*****s

  5. RedBloch
    RedBloch on 05/06/2010 10:16 p.m.

    wouldn't it be smarter to notify AP privately and only bring this to the public if AP ignores it?

  6. swifty
    swifty on 05/06/2010 10:26 p.m.

    h4xorz

  7. Smoovious
    Smoovious on 05/07/2010 3:02 a.m.

    they make it public because if they don't, then the whole disgusting practice of "security through obscurity" will continue. (Microsoft perfect example)

    They did the right thing making public notification.

    Now, if they posted the actual exploit itself, that may be questionable.

    -- Smoovious

  8. donkedout757
    donkedout757 on 05/07/2010 10:18 a.m.

    sick thx for the heads up PTR!! This is a pretty serious issue.

  9. Kobor
    Kobor on 05/07/2010 3:33 p.m.

    Nope, they didn't do the right thing.
    Industry standard is to alert the developers/owner/whatever first and agree with them on a release date. Of course, if they don't respond then you publish.

    While it is not the actual exploit, enough data was released imho so 2-3 good programmers ("hackers") can make their own version (of the hack) before Cereus can upgrade their servers, release a new program etc.

  10. hounddog
    hounddog on 05/07/2010 5:58 p.m.

    Good work PTR. I don't play on this network cos I've not had any electric shock therapy, I mean who would?

  11. aenetomic
    aenetomic on 05/08/2010 4:18 a.m.

    PTR, i am truly impressed. Between the amazing cooperation you guys showed in helping uncover the stockstrader collusion/cheating and now this... Great work.

  12. ceegee
    ceegee on 05/10/2010 8:25 p.m.

    Cereus is such a joke

Comments are closed.