Guru3D Thermal Paste Roundup 2019
Back-to-school Microsoft Office 2016 $18 Win 10 Pro $12
TeamGroup T-Force Vulcan 1TB SSD Review
Corsair K57 RGB Wireless keyboard review
AMD Ryzen 7 3800X review
PowerColor 5700 RED DEVIL review
MSI Radeon RX 5700 XT Evoke review
ASUS Radeon RX 5700 XT ROG STRIX review
ViewSonic Elite XG240R Monitor Review
Promo: URCDKey Summer Sale Windows 10 Pro for $11
Steam password exploit discovered
Until recently it was possible to access someone's steam account with only a username. Basically, the authentification process needed to change an account password could be bypassed by... simply ignoring it.
Clicking "continue" without entering the password change verification code offered express access to the user's account. That means if someone had your username (and were aware of the exploit) they could have accessed your account in a few clicks.
Kotaku got in touch with Valve about the issue – which was discovered and fixed last week – and this is how they responded:
To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.
Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified. We apologize for any inconvenience.
If you've received an email from Steam at the weekend requesting a password change – that's why. if you look at the video below, you'll be baffled as to how simple this exploit was.
StewieTech
Chuck Norris
Posts: 2538
Joined: 2012-02-06
Chuck Norris
Posts: 2538
Joined: 2012-02-06
#5129839 Posted on: 07/27/2015 05:30 PM
After seeing the video and how simple it was to take advantage of such a grotesque flaw, i don´t know if i should laugh or cry really. I´m speachless.
After seeing the video and how simple it was to take advantage of such a grotesque flaw, i don´t know if i should laugh or cry really. I´m speachless.
WithoutWeakness
Junior Member
Posts: 11
Joined: 2012-02-07
Junior Member
Posts: 11
Joined: 2012-02-07
#5129856 Posted on: 07/27/2015 06:00 PM
Glad to see that Steam Guard at least prevented unauthorized logins. This is just another reason to always use two-factor authentication if the option is given to you. If you don't have Steam Guard set up I would suggest enabling it on your account.
Glad to see that Steam Guard at least prevented unauthorized logins. This is just another reason to always use two-factor authentication if the option is given to you. If you don't have Steam Guard set up I would suggest enabling it on your account.
TheDeeGee
Senior Member
Posts: 6058
Joined: 2010-08-28
Senior Member
Posts: 6058
Joined: 2010-08-28
#5129882 Posted on: 07/27/2015 06:59 PM
Good thing there was a crappy quality video, cuz didn't understand half of what he said...
Good thing there was a crappy quality video, cuz didn't understand half of what he said...
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 803
Joined: 2008-06-15
Always amazed when I read about this kind of thing. Steam goes to all sorts of trouble and expense to secure the system and... doesn't test to see if you can bypass security just by clicking?! Really?