Member Moskowsky shared on Hackerone about a very serious Steam security hole he discovered.
In the Hackerone post, Moskowsky did not disclose details of the vulnerability and how to take advantage of the CD key of any game that only said it exists on partner.steamgames.com, Steam's website. for game developers and publishers.
Moskowsky also added that if Valve does not have any corrective actions, the developer will publish information on security holes on November 1.
Right after Moskowsky posted on Hackerone, Valve gave feedback. Valve confirmed the vulnerability on partner.steamgames.com page, allowing users to download the CD key of all Steam games.
Valve confirms a vulnerability on partner.steamgames.com page.
This is really a very serious security hole, if widely publicized can cause huge damage to Steam.
Valve rewarded Moskowsky with the amount of $ 20,000 (about VND 460 million) with this discovery. It seems that Valve is quite stingy by 20,000USSD which is a number that programmers rated as relatively low compared to the extremely serious vulnerability that Moskowsky discovered on Steam.
Valve's Steam is the largest game release platform in the world today with revenue of about 4.3 billion USD and 21,000 games released in 2017, not to mention the DLC updates of each game.
See more: