Tricking Easy Anti-Cheat into Protecting Any Application
This article outlines a critical vulnerability discovered in Easy Anti-Cheat (EAC) that allows any application to receive the same level of protection as a supported game. The exploit is alarmingly simple and requires minimal effort to execute.
Discovery
The research began with an attempt to better understand how the EAC launcher functions and how it validates applications for protection. After reviewing the system, I noticed a significant flaw: the EAC launcher does not properly validate certificates.
Exploit
With the absence of certificate validation, I first removed the Certificates from the Easy Anti Cheat folder. Then, I proceeded to replace the original game executable (in this case, Fortnite) with the application.
Once the changes were made, I launched the EAC launcher. The launcher did not reject the application, and my application was now running with full EAC protection.
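The failure mode described above is a check that passes when its certificate is simply absent. The following is an added example, not part of the original article and not EAC code, that models that fail-open check beside a fail-closed one. The file name game.cert.json, the JSON certificate layout and the pinned SHA-256 digest (a stand-in for a real signature chain to a pinned publisher key) are all assumptions made for illustration.

```python
import hashlib, json, tempfile
from pathlib import Path

CERT_NAME = "game.cert.json"   # hypothetical file name, not EAC's real layout

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def launch_allowed_fail_open(game_dir: Path, exe: str) -> bool:
    """Models the reported flaw: no certificate means no check at all."""
    cert = game_dir / CERT_NAME
    if not cert.exists():
        return True                      # fail-open: absence is treated as success
    return json.loads(cert.read_text())["sha256"] == sha256_file(game_dir / exe)

def launch_allowed_fail_closed(game_dir: Path, exe: str, pinned_cert_sha256: str) -> bool:
    """Hardened: a missing, altered or mismatching certificate denies the launch."""
    cert = game_dir / CERT_NAME
    target = game_dir / exe
    if not cert.is_file() or not target.is_file():
        return False                     # absence is a failure, never a pass
    if sha256_file(cert) != pinned_cert_sha256:
        return False                     # certificate is not the one the launcher trusts
    claims = json.loads(cert.read_text())
    return claims.get("exe") == exe and claims.get("sha256") == sha256_file(target)

def demo() -> dict:
    """Runs both checks on a constructed game folder, before and after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        game_dir = Path(tmp)
        exe = game_dir / "Game.exe"
        exe.write_bytes(b"constructed original game image")
        cert = game_dir / CERT_NAME
        cert.write_text(json.dumps({"exe": "Game.exe", "sha256": sha256_file(exe)}))
        pin = sha256_file(cert)          # value a launcher would ship with, assumed here
        before = (launch_allowed_fail_open(game_dir, "Game.exe"),
                  launch_allowed_fail_closed(game_dir, "Game.exe", pin))
        # State the article describes: certificate removed, executable replaced.
        cert.unlink()
        exe.write_bytes(b"constructed unrelated application")
        after = (launch_allowed_fail_open(game_dir, "Game.exe"),
                 launch_allowed_fail_closed(game_dir, "Game.exe", pin))
        return {"before": before, "after": after}

if __name__ == "__main__":
    print(demo())
```

Each tuple is (fail-open result, fail-closed result): both checks accept the untouched folder, and only the fail-closed check rejects it once the certificate is gone and the executable has been swapped.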
Proof of Concept (PoC)
Conclusion
After finding this vulnerability, I reported it to Epic Games. They responded saying it was a "duplicate report," as the issue had been reported in 2023. The most concerning part is that the vulnerability still hasn't been fixed.