The steam vulnerability allows players to fill wallets

Valve paid a security expert $ 7,500 for discovering a bug that allowed users of the digital distribution service Steam to artificially increase funds in their wallets.


The drbrix expert reported the exploit, stating that they discovered a vulnerability that allows an attacker to generate a Steam wallet balance. The bug allowed players with amount100 in their Steam account email address to intercept payments made through Smart2Pay and artificially increase them.


After explaining in detail how the exploit could be generated, Valve's JonP immediately thanked drbrix and agreed that the vulnerability did work. At the same time, the company raised the severity of the problem to critical and quickly took up its solution.

Thanks for this report. It was clearly written and helped to identify the real risks to the business. We have changed the severity rating to critical, reflecting the potential cost to the business, and have assigned the bounty accordingly. - JonP from Valve

Later it became known that Valve released a fix that eliminates the vulnerability.

2 views0 comments

Recent Posts

See All