Valve Accused of Ignoring Remote Code Execution Vulnerability Affecting All Source Engine Games

Tsing

The FPS Review



Valve has been accused of preventing security researchers from publicly disclosing a remote code execution vulnerability that allegedly affects all games developed using the company’s widely renowned Source game engine (e.g., Half-Life 2, Counter-Strike: Global Offensive). What’s been reported thus far is that the flaw, which was originally reported two years ago but purportedly ignored by Valve, is primarily leveraged by attackers through Steam’s invite system. Secret Club, a not-for-profit reverse-engineering group, has tweeted a series of videos demonstrating that the vulnerability exists.



Two years ago, secret club member @floesen_ reported a remote code execution flaw affecting all source engine games. It can be triggered through a Steam invite. This has yet to be patched, and Valve...



 
Yeah, but Steam is good and Epic is a security risk Steam's fanatics praise. /s

Steam still allows scammers to send its users fake "I accidentally reported you" etc. scams that hijack / ruin its users' accounts but blames its users because Steam allows these fake accounts to cause such havoc?

Ugh?!
 
Yeah, but Steam is good and Epic is a security risk Steam's fanatics praise. /s

Steam still allows scammers to send its users fake "I accidentally reported you" etc. scams that hijack / ruin its users' accounts but blames its users because Steam allows these fake accounts to cause such havoc?

Ugh?!
Report and ignore. What do you expect Valve to do about those accounts if nobody reports them? Same deal as online forums.

These exploits are a different situation entirely, however. Steam supposedly has the H1 ring so groups like this can report critical bugs, but in this case Valve just paid the bounty to the group without ever actually fixing the problem. This makes me think that maybe Valve can't fix the issue and they want to keep it quiet. If that is the case then that would be a legitimate reason to bring out the pitchforks.

Random accounts trying to scam you, though? Report and ignore. With my inventory private and profile messages disabled I get very few of those types of message. I've gotten two in the past 2-3 years.
 
I thought this was why you didn't need hardware for Steam Link anymore.


Is it an exploit? Is it really?


/s
 