Well, that could’ve been bad
Security researcher Artem Moskowsky discovered a bug within Steam’s infrastructure that could’ve been incredibly damaging for Valve. If exploited, it would’ve let a user generate any number of keys for any game. That’s obviously bad for Valve since Steam is built around, you know, selling games.
Moskowsky didn’t run wild like a kid in a toy store, though. He reported the bug to Valve. For finding this critical loophole, Valve paid Moskowsky $20,000. Don’t be mistaken in thinking this was excessive goodwill on the part of either party, though; Valve has a bounty program where it’ll pay people who raise the alarm on security exploits.
The fascinating part is that Moskowsky didn’t even work any sort of hacker black magic to find this. Talking to The Register, he says, “To exploit the vulnerability, it was necessary to make only one request. I managed to bypass the verification of ownership of the game by changing only one parameter. After that, I could enter any ID into another parameter and get any set of keys.” It would’ve been theoretically possible for anyone with access to Steam’s partner tool for developers to pull off, and it’s not especially difficult to be accepted into that program.
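The bug class in that quote is a broken object-level authorization check: the server trusted IDs the client sent. As an added example (not Valve’s code, and not taken from the HackerOne report), here is the server-side check that prevents it, in Python; the data model, IDs and parameter names are all assumptions.

```python
from dataclasses import dataclass

# Constructed sample data (all IDs are made up): which partner account
# publishes which app, and which app each key set was issued for.
APP_OWNER = {100: "partner-a", 200: "partner-b"}
KEYSET_APP = {9001: 100, 9002: 200}


class Forbidden(Exception):
    """The caller is not entitled to the requested key set."""


@dataclass(frozen=True)
class KeyRequest:
    partner: str    # from the authenticated session, never from the request
    app_id: int     # client-supplied
    keyset_id: int  # client-supplied
    count: int      # client-supplied


def authorize(req: KeyRequest) -> None:
    """Run every check on every request; no parameter value skips one."""
    # 1. The session's partner must publish the app named in the request.
    if APP_OWNER.get(req.app_id) != req.partner:
        raise Forbidden("partner does not publish this app")
    # 2. The key set must belong to that same app. Checking it against the
    #    stored mapping keeps a foreign ID from riding on a valid app_id.
    if KEYSET_APP.get(req.keyset_id) != req.app_id:
        raise Forbidden("key set does not belong to this app")
    # 3. Reject malformed quantities instead of treating them as a special case.
    if not isinstance(req.count, int) or req.count < 1:
        raise Forbidden("invalid key count")


def decide(req: KeyRequest) -> str:
    """Return an audit-log style verdict for one request."""
    try:
        authorize(req)
    except Forbidden as exc:
        return f"DENY {req.partner} app={req.app_id} keyset={req.keyset_id}: {exc}"
    return f"ALLOW {req.partner} app={req.app_id} keyset={req.keyset_id} count={req.count}"


if __name__ == "__main__":
    for r in (KeyRequest("partner-a", 100, 9001, 5),    # own app, own key set
              KeyRequest("partner-a", 100, 9002, 5),    # own app, foreign key set
              KeyRequest("partner-a", 200, 9002, 5),    # foreign app
              KeyRequest("partner-a", 100, 9001, 0)):   # malformed quantity
        print(decide(r))
```

The DENY lines double as a detection signal: a partner account repeatedly asking for key sets tied to apps it doesn’t publish is worth an alert.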
At one point, Moskowsky generated 36,000 keys for Portal 2 by entering a random string of code into a request. If anyone took that sort of quantity to a key reselling site, they’d end up with quite a pretty penny for their couple minutes spent gaming the system. Now imagine if someone did that with a new popular release.
However, no one needs to fret about that. Valve immediately fixed the bug, presumably at the same time it paid Moskowsky. Even though it had high potential to be rather disastrous, Valve says it can’t find any record of anyone other than Moskowsky making use of this bug. At the end of the day, $20,000 isn’t a bad price to shut down that glaring catastrophe-in-waiting.
Getting all the CD keys of any game [HackerOne via PC Gamer]