Steam fixes a security flaw that allowed changing other users' passwords

As reported by Kotaku, a security flaw was discovered over the weekend on Steam, Valve's popular video game platform. Specifically, the bug allowed changing the password of other users in a matter of seconds.

This is a fairly serious security flaw, especially considering that changing the password of a given account did not require access to the victim's email. In fact, exploiting it was as simple as requesting a password reset code and going to the section of the website where the change is confirmed. Normally, that step requires entering a security code sent to the email account of the owner of the Steam account, but because of the flaw the platform accepted the field for the code being left blank as valid. In this way, anyone could lock other users out of their accounts by changing their password without any identity verification.

Steam has stated that the security flaw has already been fixed. It appears to have affected various user accounts between July 21 and 25. The company is restoring the passwords of the accounts affected by the flaw.
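The following is an added example, not Valve's code: the article does not say how the server-side check was written. It shows a reset-code verifier that rejects blank input, next to one plausible flawed pattern that accepts it. `ResetStore`, `verify_weak`, `verify` and the 15-minute lifetime are all assumptions made for illustration.

```python
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset code


class ResetStore:
    """In-memory stand-in for the server-side table of pending resets."""

    def __init__(self):
        self._pending = {}  # account -> (code, expiry timestamp)

    def issue(self, account, now=None):
        now = time.time() if now is None else now
        code = secrets.token_hex(4).upper()
        self._pending[account] = (code, now + RESET_TTL_SECONDS)
        return code  # a real service e-mails this; it never goes to the requester

    def verify_weak(self, account, submitted):
        # Flawed pattern (hypothetical): a blank field skips the comparison.
        code, _ = self._pending.get(account, ("", 0))
        if not submitted:
            return True
        return submitted == code

    def verify(self, account, submitted, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(account)
        if entry is None:
            return False  # no reset was requested for this account
        code, expiry = entry
        # Fail closed on missing, non-string or whitespace-only input.
        if not isinstance(submitted, str) or not submitted.strip():
            return False
        if now > expiry:
            self._pending.pop(account, None)
            return False
        # Constant-time comparison; bytes avoid errors on non-ASCII input.
        ok = hmac.compare_digest(submitted.strip().encode(), code.encode())
        if ok:
            self._pending.pop(account, None)  # codes are single use
        return ok
```

A regression test for this class of bug should submit an empty string, whitespace and a missing value for an account with a pending reset, and expect a rejection each time.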

Source: Kotaku