Switch Switch to
Switch to
ISO/IEC 27001
certification service


In the interest of player protection, eCOGRA would like to update all online poker players about the encryption issue on the Cereus Poker Network, which pertains to Absolute Poker.com and UB.com, as raised on May 6, 2010, by PokerTableRatings.com (€œPTR€), a third party online site that provides players with a suite of useful analytical tools.

Late on May 6, PTR made contact with Tokwiro Enterprises (owner of the CEREUS Network) Chief Operating Officer Paul Leggett, to inform him of the encryption flaw they discovered, which theoretically could allow someone to exploit this vulnerability in the encryption/cypher method to view other players' hole cards.

Leggett and Tokwiro management responded immediately to the PTR claim, treating the issue with the seriousness and urgency it required; and we have been informed that in the early hours of Friday, May 7, the Cereus online poker network released a software update that fixed the identified encryption flaw, and removed the potential vulnerability.

We have also been advised that the new client encryption that Cereus is currently using addresses the vulnerability PTR outlined, and it will no longer allow a player to compromise sensitive data. It is important for players to note that for someone to exploit this complex vulnerability, they would have required the technical capability to crack the encryption/cypher method that the Cereus network used prior to May 7. They would also have had to hack into their local network in order to gain access to sensitive data. It is a possible, but unlikely scenario that Leggett and team continues to investigate, and any player questions or concerns are being examined thoroughly to ensure that there has been no incidence of cheating at the Cereus network due to the encryption vulnerability.

In concert with the Kahnawake Gaming Commission, eCOGRA is currently monitoring this situation as Tokwiro management moves quickly to rectify the flaw and implement more stringent security measures going forward. Tokwiro expects the implementation of the Open SSL standard to be live on the Cereus network shortly.

Tokwiro management is proactively cooperating with the KGC in addressing the problem, and initially reported the issue to the Commission.
Based on information available to eCOGRA at this time, it appears unlikely that player gaming data has actually been compromised.

eCOGRA will issue a further update on the situation as soon as this is available.

« Back