ESPN Fantasy Football Site Rife With Security Flaws
ESPN’s Fantasy Football site is plagued by flaws that make it easy for users to cheat, according to a security researcher.
The vulnerabilities exist in the URL that the site uses as a final confirmation, which a participant must click when adding a new player to an existing roster. The flaw was discovered by Billy (BK) Rios, who writes about it in a Sept. 22 entry on his blog, at http://xs-sniper.com.
“Unfortunately for the other players in my league, the fantasy football application does a poor job of authorizing checking,” writes Rios. “These poor checks allow me to manipulate the trans parameter to add an arbitrary player to any team’s roster.”
Rios said the ESPN website vulnerability also made it possible to drop players from teams or alter lineups, but he chose not to. Instead, Rios tested the security slip by playing a prank on his competitors, adding notoriously inconsistent Washington Redskins quarterback Rex Grossman to a rival’s squad.
Rios said he has contacted ESPN’s fantasy football site about the vulnerability.
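The kind of server-side check whose absence Rios describes, shown as an added example (not ESPN's code and not taken from Rios's post). The `action|team|player` layout of the `trans` value, the function names and the sample league data are assumptions made for illustration; the page does not give the real format.

```python
class Forbidden(Exception):
    """Raised when the session user may not perform the transaction."""


def parse_trans(trans):
    """Parse the hypothetical 'action|team|player' transaction string."""
    parts = trans.split("|")
    if len(parts) != 3 or parts[0] not in {"add", "drop"}:
        raise ValueError("malformed transaction")
    return tuple(parts)


def confirm_unchecked(session_user, trans, rosters):
    """'Before' form: applies whatever the URL parameter says.

    session_user is never consulted, so the team named in the
    parameter does not have to belong to the requester.
    """
    action, team, player = parse_trans(trans)
    if action == "add":
        rosters[team].append(player)
    else:
        rosters[team].remove(player)


def confirm_checked(session_user, trans, rosters, owners, free_agents):
    """Hardened form: authorize against server-side state, then mutate."""
    action, team, player = parse_trans(trans)
    # The team in the parameter must belong to the authenticated user.
    if owners.get(team) != session_user:
        raise Forbidden(f"{session_user} does not own {team}")
    if action == "add":
        # The player must really be available, whatever the URL claims.
        if player not in free_agents:
            raise Forbidden(f"{player} is not available")
        free_agents.discard(player)
        rosters[team].append(player)
    else:
        if player not in rosters[team]:
            raise Forbidden(f"{player} is not on {team}")
        rosters[team].remove(player)
        free_agents.add(player)
```

The point of the hardened form is that ownership and availability are looked up from server-side records keyed by the authenticated session, so editing the parameter changes nothing the user was not already allowed to do.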
