CVE-2018-7295

Name of the Vulnerable Software and Affected Versions Square Enix Final Fantasy XIV versions 4.21 through 4.25

Description The issue arises from improper enforcement of message integrity during transmission in a communication channel. This allows a man-in-the-middle attacker to steal user credentials. The problem occurs because a session retrieves global.js via http before proceeding to use https.

Recommendations For versions 4.21 through 4.25, update to Patch 4.3 to resolve the issue. As a temporary workaround, consider restricting access to unsecured http connections to minimize the risk of exploitation.