|Number of vulnerabilities||1|
|Vulnerable software versions||
|Vendor URL||Valve Software|
The vulnerability allows a remote authenticated attacker to bypass security restrictions.
The weakness exists in a Steam web API located at partner.steamgames.com/partnercdkeys/assignkeys/ due to attacker can go through all Steam games IDs, as the appid and keyid parameters were easy to guess. A remote authenticated use the
/partnercdkeys/assignkeys/ endpoint on partner.steamgames.com with keycount parameter to "0", bypass the API's limitations, retrieve a file with CD keys belonging to any game and download previously-generated CD keys for a game which they would not normally have access.
Install update from vendor's website.External links