
A Bug in Steam, Which Was Recently Patched, Could Have Given Users Access To Activation Key of Any Game (zdnet.com)

A Ukrainian vulnerability researcher has found a bug that would have allowed him to download all the activation keys (also known as CD keys) made available through the Steam gaming platform, for any game, ever. From a report: Discovered by Artem Moskowsky, the bug resided in Steamworks, a platform that Valve runs to help developers with building and publishing games via its Steam gaming client. Moskowsky found the bug in a Steam web API located at partner.steamgames.com/partnercdkeys/assignkeys/. This is the API that lets game developers or affiliates retrieve CD keys made available to Steam users so their customers can activate a game installed via the Steam client. This API is accessible using a regular Steam account and takes several parameters, but the ones most relevant are appid (representing the game), keyid (representing the identifier of a set of CD keys), and keycount (representing the number of CD keys that Steam needs to return inside a CD key set).
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward

    exploited, m'gentle ladies

  • Do we really think that usage of that API wouldn't have been audited though?

    • by Anonymous Coward

      Only if some dumbfuck downloaded them all at once, sure.
      But if you downloaded them in random chunks at a time, it would seem like regular usage patterns on the server logs.
      Whether they have a system in place to alert if, say, money coming in wasn't equal to the keys going out, or something along those lines, is another question.

      A lot of people overlook usage patterns in their APIs, usually leaving algorithms to deal with it.
      But you can cheat a lot of algorithms in the right ways if you trial-and-error infor

    • by MrL0G1C ( 867445 ) on Thursday November 08, 2018 @10:15PM (#57615620) Journal

      A criminal would grab thousands of keys for full price AAA titles and sell them on grey market sites for a quick profit, they wouldn't care if the keys got revoked after an audit.

  • by kaoshin ( 110328 ) on Thursday November 08, 2018 @05:16PM (#57614460)
    Even if all Steam games were available for free, I would still pay, because I want to continue to support what they are doing for gaming on Linux. I do take advantage of a lot of the sales they run though.
    • Looking forward to the Christmas discounts :)
      • by rtb61 ( 674572 )

        Steam have got more than just a little douche baggery, allowing developers who sold you the game, to force downgrades after buying the game, to sell DLC matched to that downgrade. Steam is now chasing the developers to screw over the users, rather than the other way around. I have stopped buying on Steam to take back control of game upgrades to block install of shitty downgrades, worse to date, Paradox and Stellaris. Watch your game be forced upgraded to now serve you publisher ads and slowed down applicatio

        • That seems more like a problem with the developer/publisher than it is a problem with Steam. Uplay and Origin are just as bad at "up"downgrades, but they're not the big guy so nobody whinges.
        • by Cederic ( 9623 )

          I would not touch Steam, until the user gets to choose which patches to run the game with

          You've had the ability to avoid patching your Steam games for around a decade now.

          That's not quite selective patching but effectively operates the same way, given patches generally have a dependency relationship. If you skip one you mostly aren't getting later ones whether you're on Steam or not.

        • I'm sure some are better than others.
  • by Only Time Will Tell ( 5213883 ) on Thursday November 08, 2018 @05:38PM (#57614582)
    I wonder if Steam tossed any free keys his way for the heads up about this hole. I did see he got $20K for this effort, which would buy a lot of games of Civilization!
