Impact
The Assassin game includes an authentication flow that does not validate the email address supplied during account creation or login. This failure permits the use of fabricated or non‑existent email addresses. As a result, unauthenticated or authenticated users can generate large numbers of accounts that appear legitimate to the system, enabling mass spam, system abuse, or circumvention of user‑control mechanisms.
Affected Systems
Gaudire’s Assassin game is the only product listed as affected. No specific version numbers are mentioned in the advisory.
Risk and Exploitability
The vulnerability is rated with a CVSS score of 6.9, indicating a medium severity. The EPSS score is not provided, and the issue is not listed in the CISA KEV catalog, but the absence of email verification can be exploited through routine registration or login requests, likely requiring only network access and no special privileges.
OpenCVE Enrichment