Quote Originally Posted by KisaiTenshi View Post
Why even go through the bother? All they have to do do is MITM when ffxiv.exe is launched by grabbing the string from the launcher the same way any other tool can see it.
Well, I excluded MitM attacks because I was responding to the comment about encryption. If you can MitM the launcher, all of your information is at risk, not just the session ID. It's not my area of expertise, so I wouldn't say it's completely unavoidable, but as far as I know, MitM attacks aren't something SE can easily prevent beyond the measures they are already taking. That's why I said the only real risk associated with this vulnerability is from client machine infection.