Security flaw for unlimited Steam Wallet funds found, fixed

With the help of a security researcher, Valve has found and fixed an exploit that would have allowed a user to falsify the value of deposits to their Steam wallet. The exploit worked by—for example—turning a $1 deposit into a $100 deposit. It was accomplished by changing the account’s email address to one including “amount100,” then intercepting a message to a payment company API. 

The writeup for the hack was posted on white-hat hacking bug bounty site HackerOne by the handle drbrix. Valve and drbrix later made the exchange public, once a fix was implemented. Drbrix first posted the bug as “medium” priority, saying “I think impact is pretty obvious, attacker can generate money and break steam market, sell game keys for cheap etc.”

Source link

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments
www.mersinrehber.net - www.eskisehiryurdu.net - www.escortizmirescort.org - www.bursakiz.com - www.xizmitescort.com - www.tangomersin.com - www.escorteskisehirli.com - www.adanahost.net - www.otomersin.com - www.eskisehiritiraf.com - www.escortbodrum.pro - www.eskisehirforum.com - web tasarım