Steam Vulnerability Allowed Malicious Operators To Gain License Keys


A security researcher discovered a dangerous Valve vulnerability that allowed malicious users to reveal the license keys for the content available on the store. This means that every computer game or software title could be acquired by leveraging it. The expert disclosed the issue to Valve, which has fixed the bug.

Critical Steam Vulnerability Fixed: Malicious Users Could Have Accessed Games for Free

A dangerous Steam vulnerability was recently reported that, fortunately, was fixed before any abuse was reported. The issue was discovered by a security expert named Artem Moskowsky, who disclosed the bug privately to Valve back in August. The problem was fixed by the Steam developers, and a public acknowledgment was posted when the necessary critical patches were rolled out to users.

The problem was found within the Steam developer portal, which could be exploited to reveal the license keys for published content on the platform. The expert revealed that it was fairly easy to modify the parameters in the API request during network transactions. This allowed malicious users to craft custom packets that would return the license key for a given title.

Last year Steam and CS:GO users faced a serious issue when a large-scale lobby spam campaign affected the majority of players. Security experts were unable to identify the origins or perpetrators.

The proof of concept was done by changing a single parameter that overrides the game ownership status. Once this is done, a malicious user can acquire the key of any title they specify, effectively being able to download all of Steam's catalog for free. News reports indicate that Moskowsky demonstrated that he was able to obtain 36,000 keys for Portal 2. Given the price, a simple calculation in this scenario results in $359,640 of lost revenue for Valve.
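The flaw class described above, a server that accepts an ownership decision from the request itself, is shown here beside a handler that derives ownership only from server-side records. This is an added example, not Valve's code: the `is_owner` parameter, the function names, the per-request cap and the sample data are all hypothetical.

```python
# Constructed sample data; "is_owner" and every name here are hypothetical.
OWNERS = {"partner_a": {1001}, "partner_b": {2002}}  # partner -> app ids they publish
KEY_POOL = {1001: ["AAAA-1", "AAAA-2"], 2002: ["BBBB-1", "BBBB-2", "BBBB-3"]}
MAX_KEYS_PER_REQUEST = 2  # assumed business limit for a single call
audit_log = []            # denied requests, kept for later review


def fetch_keys_vulnerable(session_partner, params):
    """Flawed: an ownership flag supplied by the client overrides the server's record."""
    app_id = int(params["app_id"])
    owns = params.get("is_owner") == "1" or app_id in OWNERS.get(session_partner, set())
    if not owns:
        return {"status": 403, "keys": []}
    count = int(params.get("count", 1))
    return {"status": 200, "keys": KEY_POOL.get(app_id, [])[:count]}


def fetch_keys_hardened(session_partner, params):
    """Ownership comes only from server-side state; the key count is bounded."""
    try:
        app_id = int(params["app_id"])
        count = int(params.get("count", 1))
    except (KeyError, ValueError):
        return {"status": 400, "keys": []}
    # Any client-supplied ownership flag is ignored entirely.
    if app_id not in OWNERS.get(session_partner, set()):
        audit_log.append(
            {"partner": session_partner, "app_id": app_id, "reason": "not_owner"}
        )
        return {"status": 403, "keys": []}
    if not 1 <= count <= MAX_KEYS_PER_REQUEST:
        return {"status": 400, "keys": []}
    return {"status": 200, "keys": KEY_POOL.get(app_id, [])[:count]}


if __name__ == "__main__":
    tampered = {"app_id": "2002", "count": "3", "is_owner": "1"}
    print(fetch_keys_vulnerable("partner_a", tampered))  # keys for an app it does not own
    print(fetch_keys_hardened("partner_a", tampered))    # 403, attempt recorded
    print(audit_log)
```

The denied-request log in the hardened handler is what lets an operator later confirm whether anyone attempted to request keys for titles they do not own.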

After the bug was verified as legitimate, the researcher was awarded a bug bounty through the HackerOne platform. The private disclosure by the expert guarantees that no malicious user can abuse it. No such abuse has been reported. Valve confirmed that the log files show no records of abuse or intrusion.

Martin Beltov
