Poker players investigating Cereus? This time around it’s a confirmed security hole on the network uncovered by PokerTableRatings.

The Cereus Network (Absolute / Ultimate Bet) took one on the chin this week, with news of a potentially serious security flaw that would allow intruders access to user’s accounts and the contents of their hole cards.

There have been, at this point, no confirmed cases of the exploit being used to hack a user’s account for any purposes. That said, the general sense is that playing on the network until a solution has been found, especially on a public connection, is ill-advised.

News of the leak first appeared yesterday on PokerTableRatings. Here’s the summary provided by PTR:

In summary, there is a critical vulnerability in the Cereus Network software which makes it possible for an attacker to hijack poker accounts and view hole cards. The only 100% protection is to stop playing on Cereus Network until they upgrade to using SSL. To our knowledge there are no cases of this vulnerability being used to exploit actual players. PokerTableRatings.com created test accounts for all proof of concept testing done during the discovery of this vulnerability. We do not have passwords to any unauthorized user accounts. The Cereus Network has been notified of this vulnerability. We will continue to report on this as it develops.

Link to the entire article

View the exploit in living color:

If you’re wondering exactly how vulnerable you might be, the basic relationship is that the more public and unsecured your connection is, the more vulnerable you are. If you’re playing on a public connection (think shared wireless in a dorm), you’re at the riskier end of the scale; if you’re connected directly to your network via ye ole ethernet cable, then you’re about as safe as you can be.

Cereus has acknowledged the issue, with a response sent to PTR from Paul Leggett

(COO of Cereus parent company Tokwiro Enterprises):

Hi Dameon, We really truly appreciate the email you have sent us regarding the vulnerability in our encryption. I just became aware of your article 30 minutes ago and I have read your article and watched the video. I think you have done a great thing for the poker community by emailing us and letting the community know about it. Thank you for that. I would also like to express how seriously we take this issue. I’m expecting to have a solution in place in a matter of hours and I would really like to discuss engaging your company to help us test the solution, if your company provides such services. I would greatly appreciate it, if you could paste the contents of this email on your website, so your followers are assured that we are aware of the issue and we are working diligently to address it. I would also like to emphasize to your readers that this issue would require someone to have access to their local network and also have the technical capabilities to crack our encryption in order to gain access to the player data and see the clear text like you did in your demonstration. Again, I greatly appreciate you notifying us and the poker community and we will investigate this fully and completely and fix the problem immediately. Regards, Paul Leggett

COO, Tokwiro Enterprises

A day after the response, there’s no update from PTR or Cereus regarding a solution; we’ll keep you posted as the story develops.