With the help of a security researcher, Valve has found and fixed an exploit that would have allowed a user to falsify the value of deposits to their Steam wallet. The exploit worked by—for example—turning a $1 deposit into a $100 deposit. It was accomplished by changing the account’s email address to one including “amount100,” then intercepting a message to a payment company API.
The writeup for the hack was posted on white-hat hacking bug bounty site HackerOne by the handle drbrix. Valve and drbrix later made the exchange public, once a fix was implemented. Drbrix first posted the bug as “medium” priority, saying “I think impact is pretty obvious, attacker can generate money and break steam market, sell game keys for cheap etc.”
Valve, after testing the exploit and trying a fix, subsequently upgraded the bug to “Critical” severity and the corresponding payout to $7,500 USD “reflecting the potential cost to the business.”
“We hope to hear more from you in the future,” the Valve staff said.
Yes, I’m sure they would.
Valve told The Daily Swig that “Thanks to the person who reported this bug we were able to work with the payment provider to resolve the issues without any impact on customers.” Valve did not say whether anyone had actually abused the potential exploit.
PCGamer latest
Source link
Related Post:
- Patched Steam exploit let players add unlimited funds to their Steam wallets • Eurogamer.net
- A Hacker Found A Way To Get Unlimited Money On Steam
- Automata’s Broken Steam Version Finally Being Fixed
- The Ascent’s broken Game Pass edition is getting fixed, developer promises
- Broken TRS-80 Text Adventure Game Fixed After 40 Years
- How Nintendo’s Miyamoto Fixed Donkey Kong Country Returns
- Cyberpunk 2077 – Have CD Projekt Red’s updates fixed it yet?
- Cloud’s Infamous Door Is Now Fixed in Final Fantasy VII Remake Intergrade
- Bizarre Scarlet Nexus Shadow Glitch Gets Fixed
- Resident Evil Village PC is fixed