News

Steam contained bug that allowed access to activation keys for all games

By admin
Spread the love

Steam contained a bug that made it possible to get cd keys for all games on the platform. That’s what security researcher Artem Moskowsky discovered. Steam fixed the vulnerability and rewarded the researcher with $20,000.

According to Moskowsky, the bug was in Steamworks, the platform that allows developers to release games on Steam. Moskowsky tells ZDNet that he found a vulnerability in the api that allows developers to generate cd keys.

Under normal circumstances, the API throws an error if a Steam user tries to request a CD key without the account being used owns the game. However, by adjusting a keycount parameter to “0”, Moskowsky was able to get a file containing cd keys of each game. By adjusting IDs that are easy to guess, it was possible to request the generated keys for all games.

According to the security researcher from Ukraine, the vulnerability was ‘not apparent’ to the average viewer. Before notifying Steam, he downloaded more than 36,000 CD keys for Portal 2 as a test. Moskowsky reported the vulnerability in August via bug bounty platform HackerOne.

Valve corrected the bug in a few days, but is only now releasing it. It is not clear whether others have made the same discovery and abused it. Moskowsky was awarded $20,000 for his discovery. In July, he received $25,000 from Valve after discovering a vulnerability in Steamworks that enabled SQL injection.

You might also like
News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Microsoft and Activision Blizzard postpone acquisition deadline until October

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Anticheat FaceIT gets Linux version, enables Steam Deck support

News

Sony and Microsoft sign agreement to keep Call of Duty on PlayStation