I found a security hole in Steam that gave me every game’s license keys and all I got was this… oh great: $20,000 • The Register
A bloke has told how he discovered a bug in Valve's Steam market that could have been exploited by thieves to steal game license keys and play pirated titles.
Researcher Artem Moskowsky told The Register earlier this week that he stumbled across the vulnerability – which earned him a $20,000 bug bounty for reporting it – by chance while looking over the Steam partner portal. That is the site developers use to manage the games they make available for download from Steam.
A qualified bug-hunter and pentester, Moskowsky said he has been doing security research since he was in school, and for the past several years, he has made a career out of finding and reporting flaws.
In this case, while looking through the Steam developer site, he noticed it was fairly easy to change parameters in an API request, and get activation keys for a selected game in return. Those keys, also known as CD keys, can be used to activate and play games downloaded from Steam. The API is provided so developers and their partners can obtain license keys for their titles to pass on to gamers.
“This bug was discovered randomly during the exploration of the functionality of a web application,” Moskowsky explained. “It could have been used by any attacker who had access to the portal.”
Essentially, anyone who had an account on the developer portal would be able to access the game activation keys for any other game Steam hosted, and sell or distribute them for pirates to use to play games from Steam. Fetching from the /partnercdkeys/assignkeys/ API with a 0 key count returned a large bunch of activation keys.
“To exploit the vulnerability, it was necessary to make only one request,” Moskowsky told El Reg. “I managed to bypass the verification of ownership of the game by changing only one parameter. After that, I could enter any ID into another parameter and get any set of keys.”
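The class of flaw described above, sketched as an added example that is not from the article and is not Valve's code: a toy key-assignment handler that checks ownership on one request field but reads keys by another, next to a version that authorizes against the object actually returned and rejects a zero count. The data, function names and the exact shape of the flaw are assumptions made for illustration.

```python
# Added example: toy model of a key-assignment endpoint. All names and data
# are hypothetical and constructed; the real handler is not shown on the page.

OWNED_APPS = {"partner-a": {1001}, "partner-b": {2002}}  # account -> app IDs
KEY_SETS = {                                             # key set ID -> (app ID, keys)
    "set-1": (1001, ["AAAA-0001", "AAAA-0002", "AAAA-0003"]),
    "set-2": (2002, ["BBBB-0001", "BBBB-0002"]),
}
MAX_KEYS_PER_REQUEST = 2


class Rejected(Exception):
    """Raised when a request fails validation or authorization."""


def assign_keys_flawed(account, app_id, key_set_id, count):
    # Flaw 1: ownership is checked on app_id, but the keys are looked up by a
    # second client-controlled field that is never tied back to the account.
    if app_id not in OWNED_APPS.get(account, set()):
        raise Rejected("not your app")
    _, keys = KEY_SETS[key_set_id]
    # Flaw 2: a count of 0 is treated as "no limit" instead of being rejected.
    return keys if count == 0 else keys[:count]


def assign_keys_hardened(account, app_id, key_set_id, count):
    # Accept only a strictly positive, bounded integer count.
    if isinstance(count, bool) or not isinstance(count, int):
        raise Rejected("invalid key count")
    if not 1 <= count <= MAX_KEYS_PER_REQUEST:
        raise Rejected("invalid key count")
    entry = KEY_SETS.get(key_set_id)
    if entry is None:
        raise Rejected("unknown key set")
    set_app_id, keys = entry
    # Authorize against the object actually being read, using the server-side
    # session identity, and require the request fields to agree.
    if set_app_id != app_id or set_app_id not in OWNED_APPS.get(account, set()):
        raise Rejected("key set does not belong to this account")
    return keys[:count]
```

Here `account` stands for the identity taken from the server-side session, never from the request body.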
How serious was the flaw? Moskowsky says that, in one case, he entered a random string into the request, to pick a title at random, and in return he got 36,000 activation keys for Portal 2, a game that still retails for $9.99 in the Steam store.
Fortunately for Valve, Moskowsky opted to privately come forward with the flaw via HackerOne. The programming blunder has since been fixed.
As the HackerOne entry for the vulnerability shows, Moskowsky first submitted the report on the flaw in early August. Three days later, Valve handed out the $15,000 bounty as well as a $5,000 bonus for the find, though Valve only allowed the report to go public on October 31.
The researcher told us that is a pretty good turnaround, and Valve in particular is very good at handling researcher requests and paying out bug bounties.
Impressively, this $20,000 bounty is not even the biggest payout Moskowsky has received from the games service. Back in July he was given a cool $25,000 for hunting down a SQL injection bug in the same developer portal. ®