Tests on DOOM Eternal were conducted under our Grey Box penetration testing service.
In collaboration with Bethesda, Cyrex’ security engineers were contracted to perform penetration testing on the backend, non-gameplay services of DOOM Eternal.
The testing focused on validating the server-side security controls. We did this by ethically hacking a variety of functionality, such as:
- Matchmaking system
- Party and party management systems
- Creation and registration of player accounts
- Session management and authentication
- Account or profile management
- In-game achievement and rewards
Results
Cyrex’ security engineers found a number of vulnerabilities, ranging from low priority to some that Bethesda deemed of critical importance. Exploitation of these flaws by a malicious actor would have been devastating to the developers, publishers, and the players of DOOM Eternal. Once testing concluded, the team at Bethesda were happy with our services, having fixed a number of key vulnerabilities that had gone unseen. Sanity and regression tests followed once patching was completed.
Further details about the vulnerabilities cannot be disclosed due to their sensitive nature and a mutual agreement between the teams at Bethesda and Cyrex.