'

Valve Rewards Researcher £20,000 for Discovering Unlimited Free Game Bug

The researcher was able to claim 36,000 free keys for Portal 2 using this bug

Valve Rewards Researcher £20,000 for Discovering Unlimited Free Game Bug

Valve Rewards Researcher $20,000 for Discovering Unlimited Free Game Bug

Valve has rewarded Artem Moskowsky $20,000 for discovering a bug which allowed the security researcher to generate thousands of free codes for any game on the platform, a bug which was exploitable by changing a single parameter. 

Using this bug, the researcher was able to generate and receive 36,000 keys for Portal 2, though the exploit could be used to access games from other developers. Moskowsky contacted Valve after uncovering the bug on August 7th, with Valve fixing the bug a few weeks ago, allowing information about the issue to go public. 

Because Moskowsky contacted Valve privately, he was given $15,000 through Valve's bug bounty program, for discovering the bug, and an additional $5,000 for remaining quiet about the issue until it was addressed. In the past, the same researcher received $25,000 from Valve for discovering an SQL injection bug on the platform. 

     To exploit the vulnerability, it was necessary to make only one request, I managed to bypass the verification of ownership of the game by changing only one parameter. After that, I could enter any ID into another parameter and get any set of keys.

Valve Rewards Researcher £20,000 for Discovering Unlimited Free Game Bug  

You can join the discussion on Valve's unlimited free game bug on the OC3D Forums

«Prev 1 Next»

Most Recent Comments

13-11-2018, 04:53:37

NeverBackDown
Well now he'll make more money from all those keysQuote
Reply
x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.