The Game Client Is Exposing Sensitive Information

Hello, the game client is exposing sensitive information about the players, which can lead to session hijacking.

What is it exposing?

  • IP address
  • Session token

This information can be found by iterating through the ige.$$('player') object. I don’t know why this information is stored on the client side, but it needs to be addressed to avoid issues.

Proof of session hijacking

Hi, I have removed sessionId and IP address from player objects, so let me know if you can still access that data in some way.
The change should be live tomorrow. Thanks for reporting :smile:
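
The class of fix discussed in this thread, as an added example that is not the game's own code: the server builds the replicated player object from an allow-list, and a regression check scans outgoing payloads for any player's session token or IP address. The names `PUBLIC_FIELDS`, `toClientView`, `secretsOf` and `findLeaks`, the field names other than `sessionId`, and the sample players are assumptions constructed for illustration.

```javascript
// Added example. Field names and sample records are constructed, not from the game.
const PUBLIC_FIELDS = ['id', 'name', 'position', 'score'];

// Build the client-visible copy from an allow-list, so any field added to the
// server-side player later stays private unless it is explicitly listed here.
function toClientView(player) {
  const view = {};
  for (const key of PUBLIC_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(player, key)) {
      view[key] = JSON.parse(JSON.stringify(player[key])); // deep copy, no shared refs
    }
  }
  return view;
}

// Collect the values that must never leave the server.
function secretsOf(players) {
  return players.flatMap((p) => [p.sessionId, p.ip]).filter(Boolean);
}

// Regression check: walk an outgoing payload and return the path of every
// string that contains one of the secrets, at any nesting depth.
function findLeaks(payload, secrets, path = '$') {
  if (typeof payload === 'string') {
    return secrets.some((s) => payload.includes(s)) ? [path] : [];
  }
  if (Array.isArray(payload)) {
    return payload.flatMap((v, i) => findLeaks(v, secrets, `${path}[${i}]`));
  }
  if (payload !== null && typeof payload === 'object') {
    return Object.entries(payload)
      .flatMap(([k, v]) => findLeaks(v, secrets, `${path}.${k}`));
  }
  return [];
}

// Constructed server-side state (IPs are from the 192.0.2.0/24 documentation range).
const serverPlayers = [
  { id: 'p1', name: 'alice', position: { x: 3, y: 4 }, score: 10,
    sessionId: 'constructed-token-aaa', ip: '192.0.2.10' },
  { id: 'p2', name: 'bob', position: { x: 7, y: 1 }, score: 2,
    sessionId: 'constructed-token-bbb', ip: '192.0.2.20' },
];

console.log('raw objects leak at:', findLeaks(serverPlayers, secretsOf(serverPlayers)));
console.log('allow-listed view leaks at:',
  findLeaks(serverPlayers.map(toClientView), secretsOf(serverPlayers)));
```

Running `findLeaks` over every snapshot in a server test catches the case where a secret is reintroduced through a nested or newly allow-listed field.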