Tuts 4 You
Steam Zero-Day Vulnerability Affects Over 100 Million Users

Progman

https://www.bleepingcomputer.com/news/security/steam-zero-day-vulnerability-affects-over-100-million-users/

Quote

Valve determined that the flaw was "Not Applicable." The company chose not to award a bug bounty or give an indication that they would fix it, and told the researchers that they were not allowed to disclose it.

The researcher realized that any Registry key could be modified by creating a symlink to it from a subkey under HKLM\Software\Wow6432Node\Valve\Steam\Apps.

This could allow a service running with SYSTEM privileges to be modified so that it launched a different program with elevated rights.

The PoC creates a symlink back to the HKLM:\SYSTEM\CurrentControlSet\Services\Steam Client Service key so that it could change the executable that is launched when the service is restarted.

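The quoted article describes two things an administrator can check on a Steam host: whether any subkey under HKLM\Software\Wow6432Node\Valve\Steam\Apps is a registry symbolic link (the primitive the researcher abused), and what executable the "Steam Client Service" is configured to launch. The script below is an added defensive audit, not code from this thread, the article, the researcher, or Valve. It assumes the key names exactly as quoted above, that the service binary is Authenticode-signed by Valve (labelled as an assumption in the code), and it uses the Win32 REG_OPTION_OPEN_LINK flag to open a link key itself rather than its target, which the .NET registry classes cannot do on their own. Run it from an elevated PowerShell on Windows.

```powershell
# Added audit script (not from the thread, the article, or Valve). Run elevated.
# Part 1: list REG_LINK subkeys under HKLM\SOFTWARE\Wow6432Node\Valve\Steam\Apps.
# Part 2: report the Steam Client Service ImagePath and its Authenticode signer.

$advapi = Add-Type -Namespace Audit -Name RegLink -PassThru -MemberDefinition @'
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern int RegOpenKeyExW(IntPtr hKey, string lpSubKey, uint ulOptions, int samDesired, out IntPtr phkResult);
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern int RegQueryValueExW(IntPtr hKey, string lpValueName, IntPtr lpReserved, out uint lpType, byte[] lpData, ref uint lpcbData);
[DllImport("advapi32.dll")]
public static extern int RegCloseKey(IntPtr hKey);
'@

# Raw HKLM hive handle, taken from .NET so no hard-coded pseudo-handle is needed.
$HKLM = [Microsoft.Win32.Registry]::LocalMachine.Handle.DangerousGetHandle()

function Get-RegistryLinkTarget {
    # Returns the link target string if the HKLM-relative key is a REG_LINK, else $null.
    param([Parameter(Mandatory)][string]$SubKey)
    $hKey = [IntPtr]::Zero
    $REG_OPTION_OPEN_LINK = [uint32]8   # open the link itself instead of following it
    $KEY_READ = 0x20019
    if ($advapi::RegOpenKeyExW($HKLM, $SubKey, $REG_OPTION_OPEN_LINK, $KEY_READ, [ref]$hKey) -ne 0) {
        return $null
    }
    try {
        [uint32]$type = 0
        [uint32]$size = 0
        # A link key stores its target in the hidden value 'SymbolicLinkValue'.
        # An ordinary key has no such value, so the query fails (ERROR_FILE_NOT_FOUND).
        if ($advapi::RegQueryValueExW($hKey, 'SymbolicLinkValue', [IntPtr]::Zero, [ref]$type, $null, [ref]$size) -ne 0) {
            return $null
        }
        $buf = New-Object byte[] $size
        if ($advapi::RegQueryValueExW($hKey, 'SymbolicLinkValue', [IntPtr]::Zero, [ref]$type, $buf, [ref]$size) -ne 0) {
            return $null
        }
        return [System.Text.Encoding]::Unicode.GetString($buf, 0, $size).TrimEnd([char]0)
    }
    finally {
        [void]$advapi::RegCloseKey($hKey)
    }
}

# Part 1: enumerate subkey names with the .NET API, then test each one for REG_LINK.
$appsKey = 'SOFTWARE\Wow6432Node\Valve\Steam\Apps'
$linked  = @()
$apps = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($appsKey)
if ($apps) {
    foreach ($name in $apps.GetSubKeyNames()) {
        $target = Get-RegistryLinkTarget -SubKey "$appsKey\$name"
        if ($target) {
            $linked += [pscustomobject]@{ Key = "HKLM\$appsKey\$name"; Target = $target }
        }
    }
    $apps.Close()
}
if ($linked.Count -gt 0) {
    "ALERT: registry symbolic links under HKLM\$appsKey (none are expected):"
    $linked | Format-Table -AutoSize
} else {
    "OK: no registry symbolic links under HKLM\$appsKey"
}

# Part 2: what will run as SYSTEM when the service starts, and who signed it.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Steam Client Service'
$imagePath = (Get-ItemProperty -Path $svcKey -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
if (-not $imagePath) {
    "Steam Client Service key not found; nothing to check."
} else {
    # Separate the executable from any quoting and service arguments.
    if ($imagePath -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = $imagePath.Split(' ')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    "Service ImagePath: $imagePath"
    if (-not (Test-Path -LiteralPath $exe)) {
        "ALERT: service executable '$exe' does not exist on disk"
    } else {
        # Assumption: Valve signs SteamService.exe, so a valid Valve signature is the expected state.
        $sig = Get-AuthenticodeSignature -FilePath $exe
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        if ($sig.Status -eq 'Valid' -and $subject -like '*Valve*') {
            "OK: '$exe' carries a valid signature from: $subject"
        } else {
            "ALERT: '$exe' signature status '$($sig.Status)', signer: $subject"
        }
    }
}
```

The symlink test is the part worth keeping around: a link created under Steam\Apps is invisible to `Get-ChildItem` and `Get-ItemProperty`, which silently follow it, so only opening the key with REG_OPTION_OPEN_LINK and reading `SymbolicLinkValue` reveals that the key is a redirect and where it points. The signature check deliberately avoids comparing against a fixed install path, since the service binary does not live under the main Steam directory; an unexpected signer or a missing file is the signal.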
atom0s
3 hours ago, Progman said:

told the researchers that they were not allowed to disclose it

Shit like this is the very reason people's information ends up compromised lol. Companies try to dictate security and what they feel matters, and only when it bites them in the ass later on do they show any care for it. Glad to see someone didn't listen and released the info. Make them accountable.

  • Like 1

Progman
According to https://hackerone.com/valve

They most certainly should be paying, in fact in a higher category, I would assume. This is as big a vulnerability as the Capcom.sys one. The "not applicable" sounds like someone with no technical expertise made such a decision. Looking at the technical details myself, without a doubt this was an excellent find which should have been credited properly. I also think exposure was the right avenue, but the researcher should have reached out through another channel at the company first in case it was just a mistake.

atom0s

Depending on how it was originally reported (assuming it was through a medium like hackerone) they probably had no other options.

Reading over their hackerone page gives me a few ideas for things to test that are possibly vulnerable. (Not looking to exploit, would report etc.)

  • Like 1
