“We hope to hear more from you in the future.”
Valve has awarded a security researcher $7500 for reporting a bug that permitted players to falsify credits to their Steam wallet.
As spotted by The Daily Swig, researcher “drbrix” reported the exploit via HackerOne, stating they had “found [a] vulnerability which allows attacker to generate steam wallet balance”. The bug – which has since been resolved – would permit players with “amount100” in their Steam account email address to intercept payments made via Smart2Pay and artificially inflate them (thanks, NME).
After detailing how the exploit could be generated, Valve’s JonP promptly thanked drbrix and agreed the team at Valve had been able to “validate this is happening pretty much as described”, and were taking steps to address it.
After drbrix was invited to attempt the exploit again following triage via Valve, JonP awarded the reporter a bounty of $7500 – that’s around £5400 – and upgraded the issue from medium severity to critical.
“Thank you for this report,” JonP said. “This was clearly written and helpful in identifying a real business risk. We have changed the severity assessment to Critical, reflecting the potential cost to the business, and applied a bounty accordingly. We hope to hear more from you in the future.”
At the time of writing, there’s no word from Valve if the vulnerability had been abused by hackers, or if it managed to ameliorate the issue before it could have been abused.
ICYMI, Valve has published the first video on its official YouTube channel in eight months: “Introducing Steam Deck”.
As Wes summarised yesterday, the video is a straightforward summary of the features of Valve’s upcoming handheld, and succinctly makes the case for the device.
Demand for Steam Deck continues to be strong, with availability pushed back soon after reservations were made available. Check out Digital Foundry’s Steam Deck analysis for more.
Eurogamer.net
Source link
Related Post:
- Security flaw for unlimited Steam Wallet funds found, fixed
- Hide your wallets: the Steam Summer Sale has kicked off
- Final Fantasy XIII, Released In 2015, Has Just Been Patched On Steam
- Xbox uses its social media reach to encourage players to get their COVID-19 vaccinations • Eurogamer.net
- Test Drive Unlimited Solar Crown’s location is finally revealed • Eurogamer.net
- Shadow of the Tomb Raider Patched to Run 4K, 60fps on PS5
- Apex Legends tap-strafing will be patched out, Respawn says
- Downhill’s new Daily Ride modifiers add Mirrored Mode and more • Eurogamer.net
- Netflix reportedly plans to add first games in the next year • Eurogamer.net
- A Hacker Found A Way To Get Unlimited Money On Steam