[BLOG] Reddit Discovers Steam Exploit That Reveals Random E-Mail Addresses

PredictedCyborg
Posts: 63
Joined: 07 Sep 2013, 10:14
Location: Somewhere in a server near you...

[BLOG] Reddit Discovers Steam Exploit That Reveals Random E-Mail Addresses

Post by PredictedCyborg »

This is a blog post. To read the original post, please click here »

Reddit users have discovered a security flaw in Steam that allows users to find out the e-mail addresses of other users.



Don't panic though, all that can be done through the process to find it is that e-mail preferences can then be altered, but the actual address tied to the other user's account can't be changed to something else, nor can very much else be done with the 'access' to the address. Still, it's not exactly comforting knowing that people can find out your e-mail address without you knowing.






The process involves something to do with using a cached token that can change the e-mail preferences of an account. That same token is used instead of a login if a user wishes to unsubscribe themselves from e-mails without logging in. The token is a long, randomly generated one; but not much use if the token is being cached and stored for later use.



The method is not able to target specific addresses, but will reveal e-mails to other people without permission and if it can be used to edit the settings of another person's account there's a possibility that there could be other undiscovered vulnerabilities lurking that could change other, more potentially damaging settings of accounts. Valve have been notified of the exploit though, so here's hoping that this hole will soon be plugged, along with any others they might discover during the plugging process.
Yes that's Minecraft-me in my av. Done by Reiu who is damn talented!
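
Added example, not part of the original post and not Valve's code: a minimal Python model of how a preferences page reached through a login-free token link can be shown to the wrong person by a shared cache, and how a `Cache-Control: private, no-store` response prevents it. The cache keying on the path alone, the tokens and the addresses are constructed assumptions; the post does not describe Steam's actual setup.

```python
# Constructed model of a token-authenticated e-mail preferences page behind a
# shared cache. Tokens, addresses and the cache behaviour are hypothetical.
ACCOUNTS = {"tok-aaa": "alice@example.com", "tok-bbb": "bob@example.com"}


def origin(token, hardened):
    """Render the preferences page for whichever account owns the token."""
    email = ACCOUNTS.get(token)
    if email is None:
        return 404, {"Cache-Control": "no-store"}, "unknown token"
    # Weak: page is marked cacheable by anyone. Hardened: never stored.
    policy = "private, no-store" if hardened else "public, max-age=300"
    return 200, {"Cache-Control": policy}, f"E-mail preferences for {email}"


class SharedCache:
    """Toy shared cache. Assumption: it keys on the path only, so the token
    in the query string does not separate one user's page from another's."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.store = {}

    def fetch(self, path, token):
        if path in self.store:                 # hit: origin is never asked
            return self.store[path]
        status, headers, body = origin(token, self.hardened)
        directives = {d.strip() for d in headers["Cache-Control"].split(",")}
        if status == 200 and not directives & {"private", "no-store"}:
            self.store[path] = body            # personalised page kept for others
        return body


def second_visitor_sees(hardened):
    """Alice opens her unsubscribe link, then Bob opens his own."""
    cache = SharedCache(hardened)
    cache.fetch("/email/preferences", "tok-aaa")
    return cache.fetch("/email/preferences", "tok-bbb")


if __name__ == "__main__":
    print("weak:    ", second_visitor_sees(hardened=False))
    print("hardened:", second_visitor_sees(hardened=True))
```

With the weak policy the second visitor receives the first visitor's page; with the hardened policy nothing personalised is stored, even though the cache key is still wrong.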
CrimsonShade
He's Technically Motivated
Posts: 122
Joined: 16 May 2011, 04:14
Location: England

Re: [BLOG] Reddit Discovers Steam Exploit That Reveals Random E-Mail Addresses

Post by CrimsonShade »

I swear this is the second time now that an issue with Steam has let people see other people's email addresses...