Security restrictions bypass in Steam

Published: 2018-11-09 12:56:51
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID N/A
CVSSv3 5.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CWE ID CWE-264
Exploitation vector Network
Public exploit Not available
Vulnerable software Steam
Vulnerable software versions Steam -
Vendor URL Valve Software

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists in a Steam web API located at partner.steamgames.com/partnercdkeys/assignkeys/ due to attacker can go through all Steam games IDs, as the appid and keyid parameters were easy to guess. A remote authenticated use the /partnercdkeys/assignkeys/ endpoint on partner.steamgames.com with keycount parameter to "0", bypass the API's limitations, retrieve a file with CD keys belonging to any game and download previously-generated CD keys for a game which they would not normally have access.

Remediation

Install update from vendor's website.

External links

https://hackerone.com/reports/391217

Back to List