A critical vulnerability in BattlEye (BE), a widely used anti-cheat system, has been disclosed, potentially jeopardizing the security of user accounts across several prominent online games. The vulnerability, identified by security researcher timoxa565, enables malicious actors to exploit the system’s authentication process and trigger illegitimate account bans.
The exploit, referred to as “BannleEye,” targets the communication between BattlEye’s client-side and server-side libraries (“BEClient.dll” and “BEServer.dll”). By manipulating the “gameName” field during initialization, attackers can redirect the authentication process to a rogue server, effectively spoofing a legitimate game environment.
This manipulation allows for the modification of user identification within any active game session. As timoxa565 elucidates, it is possible to deliberately trigger the anti-cheat system on a false server, redirecting the data to the real server in the name of another player. This mechanism enables attackers to falsely attribute malicious activity to targeted accounts, leading to unwarranted bans, even if the targeted user is offline.
The BannleEye vulnerability highlights a critical weakness in server-side anti-cheat systems that rely solely on server validation. timoxa565 recommends implementing unique secret keys for each game, citing Easy Anti-Cheat’s “X-Secret-Key” as an effective mitigation strategy.
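The per-game secret key recommended above can be illustrated with a small added example (not BattlEye's or the researcher's code): each legitimately provisioned game server authenticates the reports it sends to the anti-cheat backend with an HMAC keyed by a per-game secret, so a server that knows only the public gameName, or a report whose player field is rewritten in transit, is rejected. Secret values, field names and the `GAME_SECRETS` table are constructed placeholders.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed per-game secrets (placeholders). In a real deployment these are
# held only by the backend and by provisioned game servers, never by clients.
GAME_SECRETS = {
    "examplegame": b"per-game-secret-placeholder-not-a-real-key",
}


def canonical(report: dict) -> bytes:
    # Deterministic serialization so signer and verifier MAC identical bytes.
    return json.dumps(report, sort_keys=True, separators=(",", ":")).encode()


def sign_report(report: dict, game_secret: bytes) -> str:
    """Game server side: MAC the report with the secret for its game."""
    return hmac.new(game_secret, canonical(report), hashlib.sha256).hexdigest()


def verify_report(report: dict, tag: str) -> Optional[str]:
    """Backend side: returns None when accepted, else the rejection reason."""
    secret = GAME_SECRETS.get(report.get("gameName"))
    if secret is None:
        return "unknown gameName"
    expected = sign_report(report, secret)
    # Constant-time comparison avoids leaking the tag byte by byte.
    if not hmac.compare_digest(expected, tag):
        return "bad signature"
    return None


def provisioned_server_flow() -> Optional[str]:
    report = {"gameName": "examplegame", "playerId": "player-1234", "event": "detection"}
    tag = sign_report(report, GAME_SECRETS["examplegame"])
    return verify_report(report, tag)


def unprovisioned_server_flow() -> Optional[str]:
    # A server that spoofs the gameName but was never issued the secret.
    report = {"gameName": "examplegame", "playerId": "player-9999", "event": "detection"}
    tag = sign_report(report, b"guessed-or-absent-secret")
    return verify_report(report, tag)


def tampered_report_flow() -> Optional[str]:
    # Legitimately signed report whose playerId is changed after signing.
    report = {"gameName": "examplegame", "playerId": "player-1234", "event": "detection"}
    tag = sign_report(report, GAME_SECRETS["examplegame"])
    report["playerId"] = "player-9999"
    return verify_report(report, tag)
```

The check binds the report to both the game and the player field, which is what the gameName-only trust model described above lacks.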
The method shared by timoxa5651 sparked a lively debate on the forum. One participant noted that BE likely treats any game server as safe by default, which enables the exploit to function across many games. Other users expressed doubts about the ability of Steam and Epic Games’ authentication systems to address this vulnerability, given the lack of token validation in certain games.
In response to the disclosure, BattlEye has released a statement acknowledging the vulnerability’s existence in certain games while assuring that “the vast majority of games (including P2P games) are not affected.” The company further states: “Furthermore, we record enough data for every ban to be able to identify any such potential ‘fake bans’ in our system retroactively. We are working with affected game teams to resolve this ASAP.”