DOOM Eternal is a first-person shooter developed by id Software and published by Bethesda Softworks. A sequel to DOOM (2016), the soft reboot of the legendary series, DOOM Eternal was released to critical acclaim with over 3 million copies sold within a week of release in 2020. Our team here at CYREX Enterprise were ecstatic to be given the chance to help secure the backend, non-gameplay services of this awesome title. Tests on DOOM Eternal were conducted under our Grey Box penetration testing service.
The testing was focused to ensure validity of the server-side security controls. We did this by ethically hacking a variety of functionalities such as:
- Matchmaking system
- Party and party management systems
- Creation and registration of player accounts
- Session management and authentication
- Account of profile management
- In-game achievement and rewards
CYREX’s team of security engineers conducted a thorough analysis and uncovered a range of vulnerabilities, including both low-priority issues and critical vulnerabilities that Bethesda recognized as of utmost importance. The potential impact of these vulnerabilities, had they been exploited by malicious actors, could have had devastating consequences for the developers, publishers, and passionate players of DOOM Eternal.
We are delighted to share that our dedicated efforts were met with immense satisfaction from the Bethesda team. By successfully identifying key vulnerabilities that had previously gone unnoticed, we were able to provide a robust security solution. Following the completion of the patching process, we conducted comprehensive sanity and regression tests to ensure the effectiveness of our implemented measures.
While we are unable to disclose further details due to the sensitivity of the information and a mutual agreement between the teams at Bethesda and CYREX Enterprise, we are thrilled to have been part of this remarkable project. We genuinely look forward to the opportunity of supporting the Bethesda team once again in the future. Working together has been an incredibly rewarding experience, and we are grateful for the chance to contribute to the security of DOOM Eternal.