The bug was discovered by researcher Artem Moskowsky, who received $15,000 for the discovery and an addition $5,000 for making a private disclosure. Steam's portal for game developers housed the flaw, allowing anybody to generate license keys for games.
The portal allows developers to generate license keys for their software. This allows developers to share games with journalists for review, for example. Mr. Moskowsky discovered that he could easily manipulate the feature to generate unlimited license keys for other software.
"I managed to bypass the verification of ownership of the game by changing only one parameter," he told The Register.
Like other outlets, Valve has an award program for security researchers who find and report flaws and vulnerabilities that can be exploited. It allows them to fix the problem before it could be used for malicious purposes. In this case, Valve determined that nobody had exploited the flaw to generate license keys.
Written by: James Delahunty @ 12 Nov 2018 22:26