Valve awards $7.5k bounty to a researcher who discovered a flaw with Steam's wallet system - gonzalesandlever

1. Home
2. News

Valve awards $7.5k bounty to a researcher WHO discovered a flaw with Steam's wallet system

(Image credit: Steam clean)

Valve has had to touch o a Steam work that allowed players to generate false credits to their Steam billfold balance.

While in that respect's no word yet happening whether or not unprincipled players were able to successfully make use of the exploit, the release came to airy earlier this week on HackerOne good manners of a security researcher World Health Organization'd discovered that if a user had "amount100" as piece of their Steam story email address, payments via Smart2Pay could be intercepted and amended, changing $1 deposits to, say, $100 while the payment debited from the bank account remained at $1.

As reported by The Daily Swig, after examination the API "in-flight" interception, Valve's JonP thanked the newsperson, moved fleetly with the team to triage the way out, and confirmed that the research worker was correct and asked them to "delight stand firm away" while Valve "assessed [the] severity" of the exploit.

Later that same daytime, the researcher was asked to retest the system, subsequently which JonP felt compelled to reclassify the deed every bit a "critical" one and awarded the researcher a $7500 bounty in thanks for reporting the issue.

"Thank you for this report," JonP aforesaid (thanks, NME). "This was clearly written and helpful in identifying a real lin risk. We have changed the severity assessment to Caviling, reflecting the potential cost to the business, and practical a bounty accordingly. We hope to hear more from you in the future."

ICYMI, Microsoft's streaming service, xCloud, will work at Valve's Steamer Coldcock. The announcement came courtesy of Xbox political boss Phil Spencer, who teased that earlier this week, he'd spent time with the team at Valve, experimenting with Steam Deck and confirming that "Gloriol" and "Age" "feel good" on Valve's new handheld system.

While Spencer stopped short of confirming how, on the button, the streaming service wish solve on Steam Bedight, it's the first time we've had substantiation that Microsoft's streaming service is harmonious with Steam Adorn.

Missed the big announcement of Valve's all-new Steam clean Bedight? Compared by many to be the PC equivalent of the Nintendo Switch, the Steamer Embellish is a handheld PC that enables you to carry your Steamer library with you wherever you go, and has been balanced to execute equally healed regardless of whether IT's docked or on the move.

Feel out how the Steam Knock down spectacles compare to the Nintendo Switch, PS5, and Xbox Serial X in our breakdown.

Disunite of GR+'s newsworthiness gang, Vikki is a (jolting) survival of the fittest repulsion survivalist with a penchant for sci-fi, shooters, thrillers, and a strong cup of Yorkshire tea. A intended Shielder and Spartan, she's terrible at FPSs, but loves 'em all the synoptic.

Source: https://www.gamesradar.com/valve-awards-dollar75k-bounty-to-a-researcher-who-discovered-a-flaw-with-steams-wallet-system/

Posted by: gonzalesandlever.blogspot.com

Share this post