There was a pretty massive security flaw in Steam's code for, um, 15 years

Valve has only just plugged a security flaw that has existed in Steam's code for a decade and a half.

The oversight was discovered in February by Context Information Security's Tom Court, who has written a pretty detailed blog post that goes in depth on the flaw.

In short, every single user was exposed to hijack attempts from third parties. Court says that the flaw was in Steam's code from its early days and was never addressed because no one attempted to exploit it. The custom Steam protocol did not check the first data package exchanged, leaving it open to exploitation by malevolent parties.

Within half a day of the flaw being reported, Valve rolled out a patch to address it on its Steam beta branch, before a full roll-out on March 22nd.

The Pacific West-based company has since announced a bug bounty for pretty much any of its services, including Steam. It's possible that this extremely concerning revelation could have been the impetus for this.

Editor - PC Games Insider

Alex Calvin launched PCGamesInsider.biz in August 2017 and has been its editor since. Prior to this, he was deputy editor at UK based games trade paper MCV and content editor for marketing and events for London Games Festival 2017. His work has also appeared in Eurogamer, The Observer, Kotaku UK, Esquire UK and Develop.
