A considerable security vulnerability that could allow an attacker to generate an activation key for any game available on the digital store, Steam, without any payment was discovered by a security researcher Artem Moskowsky and brought into the notice of Valve Corporation rather than him pursuing it further for his own advantage. He was rewarded by the company for his discovery.
According to reports, while using Steam’s partner portal which is usually used to manage games and access activation keys, Moskowsky discovered the ease with which it was possible to alter the parameters of the API Valve uses for handling functionality. Furthermore, the apt alteration could make it possible to generate activation keys not just for a single but the entire range of games on Steam.
Moskowsky’s professionalism and integrity fetched him a big pay day. His report was titled “Getting all the CD keys of any Game”. The flaw was a rather significant one considering the fact that it was reported on Aug. 7 and rewarded with $15,000 bounty plus a bonus of $5,000 by Aug. 11 after Valve reviewed the discovery.
Moskowsky has already reported another security flaw of SQL injection vulnerability before this one in July for which the company rewarded him with $25,000.