$20,000 Bounty Awarded To Researcher For Finding Steam CD Key Bug

Ukrainian vulnerability researcher Artem Moskowsky discovered a bug in Steam's web API that could have given a malicious user any CD key on the service for free, as reported by ZDNet.

Valve's digital distribution platform has certainly had its share of problems over the years. However, it may have just avoided a potential disaster with the discovery of a critical vulnerability that could have seen countless Steam games walk out the door for free.

The service's web API lets developers and affiliates retrieve their keys after a purchase. If you've ever bought a game via a third-party store like Green Man Gaming, Humble Bundle, or the like, you've probably activated your key through this API.

Normally, there are security checks in place to ensure that the transaction is legitimate. However, a simple change to the API's "keycount" parameter allowed Ukrainian vulnerability researcher Artem Moskowsky to retrieve potentially any product activation code that he desired. During his tests, Mr. Moskowsky generated over 36,000 keys for Valve's Portal 2 without spending a dime.

---

Read more on TechRaptor
