Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Corsair Xeneon 27QHD240 OLED monitor review
ASUS Radeon RX 7600 STRIX OC review
Corsair RM1200X SHIFT 1200W PSU Review
Intel NUC 13 Pro (Arena Canyon) review
Endorfy Arx 700 Air chassis review
Beelink SER5 Pro (Ryzen 7 5800H) mini PC review
Crucial T700 PCIe 5.0 NVMe SSD Review - 12GB/s
Sapphire Radeon RX 7600 PULSE review
Gainward GeForce RTX 4060 Ti GHOST review
Radeon RX 7600 review

New Downloads
AMD Ryzen Master Utility Download 2.10.3.2504
CrystalDiskInfo 9.0.1a Download
AMD Radeon Software Adrenalin 23.5.2 WHQL download
Intel ARC graphics Driver Download Version: 31.0.101.4382
Corsair Utility Engine Download (iCUE) Download v5.2
GeForce 535.98 WHQL driver download
CPU-Z download v2.06
AMD Radeon Software Adrenalin 23.5.1 WHQL download
GeForce 532.03 WHQL driver download
AMD Chipset Drivers Download 5.05.16.529


New Forum Topics
When will there be a new driver German translation Introducing the Sound Blaster Katana SE Gaming Soundbar AMD's EPYC Bergamo: Cloud-Native CPU Based on Zen 4c Architecture finally joined the 5800X3D club AMD's Future Developments: Ryzen 8000 and Navi 3.5 Synology Plus Series SATA HDDs: Reliable and Efficient Storage Solutions for Entry-Level and Mainstream Systems Info Zone - gEngines, Ray Tracing, DLSS, DLAA, TSR, FSR, XeSS, DLDSR etc. Master Unveils MA824 Stealth: The Next Level of Air Cooling with Superconductive Composite Heat Pipe lga 775 msi motherboard problems




Guru3D.com » News » Steam password exploit discovered

Steam password exploit discovered

by Hilbert Hagedoorn on: 07/27/2015 12:38 PM | source: | 4 comment(s)
 Steam password exploit discovered

Until recently it was possible to access someone's steam account with only a username. Basically, the authentification process needed to change an account password could be bypassed by... simply ignoring it.

Clicking "continue" without entering the password change verification code offered express access to the user's account. That means if someone had your username (and were aware of the exploit) they could have accessed your account in a few clicks.

Kotaku got in touch with Valve about the issue – which was discovered and fixed last week – and this is how they responded:

To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.

Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified. We apologize for any inconvenience.

If you've received an email from Steam at the weekend requesting a password change – that's why. if you look at the video below, you'll be baffled as to how simple this exploit was.







« Review: AMD A10-7870K Godavari processor · Steam password exploit discovered · Rumor: Intel Skylake GPUs get 5xx naming »

TheSarge
Senior Member



Posts: 812
Joined: 2008-06-15

#5129830 Posted on: 07/27/2015 05:05 PM
Always amazed when I read about this kind of thing. Steam goes to all sorts of trouble and expense to secure the system and... doesn't test to see if you can bypass security just by clicking?! Really? :3eyes: Somebody needs to be fired.

StewieTech
Chuck Norris



Posts: 2537
Joined: 2012-02-06

#5129839 Posted on: 07/27/2015 05:30 PM
After seeing the video and how simple it was to take advantage of such a grotesque flaw, i don´t know if i should laugh or cry really. I´m speachless. :3eyes:

WithoutWeakness
Junior Member



Posts: 11
Joined: 2012-02-07

#5129856 Posted on: 07/27/2015 06:00 PM
Glad to see that Steam Guard at least prevented unauthorized logins. This is just another reason to always use two-factor authentication if the option is given to you. If you don't have Steam Guard set up I would suggest enabling it on your account.

TheDeeGee
Senior Member



Posts: 8887
Joined: 2010-08-28

#5129882 Posted on: 07/27/2015 06:59 PM
Good thing there was a crappy quality video, cuz didn't understand half of what he said...

Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2023