Steam password exploit discovered, but it's now fixed

Discussion in 'Frontpage news' started by Extraordinary, Jul 27, 2015.

  1. Extraordinary

    Extraordinary Ancient Guru

    Messages:
    19,481
    Likes Received:
    1,523
    GPU:
    GTX980 SLI




    Steam is a pretty tight ship when it comes to security, but one glaring exploit was recently discovered – and it was scarily simple. As the video above demonstrates (courtesy of YouTuber Elm Hoe), until recently it was possible to access someone's account with only a username.

    Basically, the authentification process needed to change an account password could be bypassed by... simply ignoring it. Clicking "continue" without entering the password change verification code offered express access to the user's account. That means if someone had your username (and were aware of the exploit) they could have accessed your account in a few clicks.

    Kotaku got in touch with Valve about the issue – which was discovered and fixed last week – and this is how they responded:

    To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.

    Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.

    We apologize for any inconvenience.

    If you've received an email from Steam at the weekend requesting a password change – that's why.


    Source:
    http://www.pcgamer.com/steam-password-exploit-discovered-but-its-now-fixed/

    http://www.guru3d.com/news-story/steam-password-exploit-discovered.html
     
  2. TheSarge

    TheSarge Master Guru

    Messages:
    805
    Likes Received:
    14
    GPU:
    MSI GTX 1080 GAMING X
    Always amazed when I read about this kind of thing. Steam goes to all sorts of trouble and expense to secure the system and... doesn't test to see if you can bypass security just by clicking?! Really? :3eyes: Somebody needs to be fired.
     
  3. StewieTech

    StewieTech Chuck Norris

    Messages:
    2,538
    Likes Received:
    892
    GPU:
    MSI gtx 960 Gaming
    After seeing the video and how simple it was to take advantage of such a grotesque flaw, i don´t know if i should laugh or cry really. I´m speachless. :3eyes:
     
  4. WithoutWeakness

    WithoutWeakness Member

    Messages:
    11
    Likes Received:
    0
    GPU:
    8GB Corsair 1866mhz
    Glad to see that Steam Guard at least prevented unauthorized logins. This is just another reason to always use two-factor authentication if the option is given to you. If you don't have Steam Guard set up I would suggest enabling it on your account.
     

  5. TheDeeGee

    TheDeeGee Ancient Guru

    Messages:
    6,501
    Likes Received:
    851
    GPU:
    NVIDIA GTX 1070
    Good thing there was a crappy quality video, cuz didn't understand half of what he said...
     

Share This Page