Bluetracker

Tracks Blizzard employees across various accounts.


I have discovered a gamebreaking flaw in Hearthstone. I need someone to record a game with me to confirm it.

TL;DR version at the end of the post.

Edit: video recording done, thanks to a fellow redditor. Waiting for him to upload.

Edit 2: here is the video: https://www.youtube.com/watch?v=teaCtnem3-M

Edit 3: Blizzard has been informed and seems to be working on it already. Thanks to everybody who helped me in the process.

Hi reddit, I've been auditing Hearthstone over the past few days, and I found a gamebreaking flaw in the network protocol.

This vulnerability allows a player to get information about their opponent's hand. Given enough information, one can know exactly which cards are in the opponent's hand.

Since I've had many bad experiences reporting vulnerabilities, and auditing Hearthstone's protocol is probably against Blizzard's ToS, I've chosen to stay anonymous, hence this throwaway account.

In order to demonstrate this vulnerability, I need help from someone trusted who can record a video of a friendly game, and then upload it to youtube. During this game, I will message the cards in his hand. All that is needed is an account on NA.

Once this is done, I'll give details to Blizzard through reddit.

TL;DR: there is a flaw in Hearthstone which gives information about cards in an opponent's hand. Anybody (trusted) would like to record and put on youtube a friendly game against me where I'll message the cards in his hand?


  • Zeriyah

    Posted 11 years, 4 months ago (Source)

    Thanks for bringing this to our attention. I’m sorry you’ve had bad experiences with reporting vulnerabilities in the past; having Hearthstone be a quality, fair experience to everyone is our highest priority, and we greatly appreciate it when players bring things like this to our attention. If you or anyone discovers vulnerabilities in Hearthstone, please do not hesitate to contact us at [email protected]. In the meantime, we have taken steps to address this issue. Thank you!
