Unknown · ArchiSteamFarm · CVE-2021-32794
**Name of the Vulnerable Software and Affected Versions**
ArchiSteamFarm versions prior to 5.1.2.4
**Description**
ArchiSteamFarm is a C# application for idling Steam cards from multiple accounts simultaneously. A bug in the code for the `POST /Api/ASF` API endpoint, which updates the global ASF config, incorrectly removes the `IPCPassword` from the resulting config if it is not specified explicitly in the request. As a result, users can accidentally remove the `IPCPassword` security measure when updating the global ASF config, which poses a security risk because unauthorized users may then access the IPC interface. By default, ASF is configured to allow IPC access from `localhost` only, so the majority of users should not be affected.
**Recommendations**
For versions prior to 5.1.2.4, update to version 5.1.2.4 or later to resolve the issue. After updating, manually verify that the `IPCPassword` is specified and set it accordingly if it is not. As a temporary workaround, consider restricting access to the IPC interface to minimize the risk of exploitation.
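The following added example is a simplified Python model of the bug class described above, together with the post-update check from the recommendations; it is not ArchiSteamFarm's code. The function names, the dictionary representation of the config and the sample values are assumptions made for illustration.

```python
import copy

SECRET_KEY = "IPCPassword"

def update_config_vulnerable(stored, submitted):
    """Model of the flaw: the submitted config replaces the stored one
    wholesale, so a request that omits IPCPassword silently drops it."""
    return copy.deepcopy(submitted)

def update_config_fixed(stored, submitted):
    """Hardened model: carry the stored IPCPassword over unless the
    request specifies the key explicitly (even to change or clear it)."""
    result = copy.deepcopy(submitted)
    if SECRET_KEY not in result and stored.get(SECRET_KEY):
        result[SECRET_KEY] = stored[SECRET_KEY]
    return result

def ipc_password_missing(config):
    """Post-update check: True when IPCPassword is absent, null,
    not a string, or only whitespace."""
    value = config.get(SECRET_KEY)
    return not (isinstance(value, str) and value.strip())

# Constructed sample data: a stored config protected by a password, and an
# update request that changes one unrelated setting and omits the password.
STORED = {"IPCPassword": "constructed-example-secret", "FarmingDelay": 15}
REQUEST = {"FarmingDelay": 20}

if __name__ == "__main__":
    for name, update in (("vulnerable", update_config_vulnerable),
                         ("fixed", update_config_fixed)):
        new_config = update(STORED, REQUEST)
        state = "MISSING" if ipc_password_missing(new_config) else "present"
        print(f"{name}: IPCPassword {state} after update")
```

Running `ipc_password_missing` against the parsed contents of the global config file after upgrading gives the same answer as the manual verification step.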