The person whose exploit took Souls servers offline is worried about Elden Ring

videogameschronicle.com:

Bandai Namco has been aware of severe security flaws within its Dark Souls games for years but has failed to address them, despite numerous emails and hundreds of support tickets, it’s been alleged.

And with developer From Software’s next Souls game, Elden Ring, just weeks away from release, people who have dug into its network test net code claim it could share many of the same issues.

On January 23, Bandai Namco temporarily removed PvP servers for Dark Souls: Remastered, Dark Souls 2 and Dark Souls 3, following the discovery of a severe remote code execution (RCE) vulnerability, which was said to allow abusers to take control of other players’ PCs.

Over a week later, Dark Souls’ PC servers remain offline and there’s no word on when they’ll return.

One of the people behind the discovery of the vulnerability told VGC they had made Bandai Namco aware of the issue over a month earlier, and that neither the publisher nor developer From acted upon the warning until it was made public in a last-ditch attempt to provoke action:

Another member of the Dark Souls community told VGC they made the games’ publisher aware of a second, yet to be made public RCE as far back as in 2020 and that it remains unfixed.

The person who discovered the latest RCE alleges that there are serious issues with all of the Souls games’ shared network infrastructure and said they believe it’s “inevitable” that Elden Ring will feature many of the same exploits, which will “probably be ported without issues and used on release by malicious cheaters.”

VGC has been told there are over 100 cheats, hacks and security vulnerabilities within Dark Souls 3, some of which are listedhere. Many of these will only affect PC players but can cause a variety of issues.

These