PC Gaming @lemmy.ca alessandro @lemmy.ca 11 mo. ago

Counter-Strike 2 players warned not to play CS2 as huge exploit could leak your IP

www.pcgamesn.com Counter-Strike 2 players warned not to play CS2 as huge exploit could leak your IP

A series of tweets and Reddit discussions are urging players to avoid Counter-Strike 2, as a security breach has been found in CS2's code.

35 comments

The headline is about exposing your IP, which frankly isn't that big of a deal. The actual article says it exposed your IP, and then includes arbitrary code execution as the after thought... Clearly the code execution is the massive vulnerability here lol
If only leaking your IP was the huge exploit lmao. It literally allowed for arbitrary code execution which is infinitely worse. Honestly bad title by the author of that article, it's far more serious than they let on.

Pretty unfortunate bug but at least they patched it pretty quickly it seems.
If you're worried about your IP being "leaked" you have no idea what an IP is. You can literally grab everyone's IP using the console commands to list the players.
- Man shut down the net. When you visit a site your IP is leaked, well be the next headline.
- Status no longer reports user Ips as those are hidden through some steam routing, I'm not sure if rcon status still reports it but that would be limited to server admins. If you open the steam overlay while in CS it shows some of the details.
- No, most multiplayer games and services these days only share your IP with the server, and not with other players.
  
  Leaking your IP to someone malicious can mean DDoS attacks and rough geolocation. IP can be a good narrowing to find your address when combined with additional information.
  
  SC2 is not a game one would expect to leak your IP and is a valid, small concern.
  
  Server owners can be just as malicious many games support private servers
  
  It can be very rough geolocation, currently my IP geolocates to a city around 300 Km away, other times the right city.
It sounds like the person who posted this believes you can run code on people's machines simply by having their IP address rather than there actually being any kind of exploitable code-running capability. Leaking your IP isn't really a big deal, as you're constantly leaking your IP any time you connect to anything anyways, and if CS:2 uses any kind of peer-to-peer to lower latency or make the game more responsive, you could have grabbed those ips with a simple netstat (for windows users) command anyhow.
- Right, the worst that can happen is a DDoS, you can take down a residential connection really easily. Those little consumer grade routers cannot handle much lmao
  
  And since most residential IPs are short-lived DHCP leases, instead of permanent IPs, a simple router reset will usually get you a new IP and you're good at that point.
Permanently Deleted
Well that sucks, hope it gets sorted soon.
I play CS2 on VPN and I still get about 25 ping. No excuses
- My excuse is that it's a waste. There is no point in doing that unless you want to do something that you are not allowed to do like hop regions or something.
  
  All of my traffic for all the devices in my home goes through VPN cause I have it configured at the router level. I'm not gonna turn it off for gaming.
  
  Security, that's a major use of vpns.
  
  Edit: I should of pointed out that I meant limited use for security reasons, like accessing your bank account in public areas, its not much but it can help to protect you from MitM attacks at the very least.

You've viewed 35 comments.