PT-2021-19936 · Unknown · Archisteamfarm

Abrynos

·

Published

2021-07-26

·

Updated

2022-07-02

·

CVE-2021-32794

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

ArchiSteamFarm versions prior to 5.1.2.4

Description

ArchiSteamFarm is a C# application for idling Steam cards from multiple accounts simultaneously. A bug in the handler for the POST /Api/ASF API endpoint, which updates the global ASF config, incorrectly drops the IPCPassword from the resulting config whenever the request does not specify it explicitly. A user updating the global config through this endpoint can therefore remove the IPCPassword protection without intending to, leaving the IPC interface reachable without authentication by anyone who can connect to it. By default, ASF accepts IPC connections from localhost only, which limits the impact for the majority of users; installations that expose IPC on other interfaces are affected in full.

Recommendations

For versions prior to 5.1.2.4, update to version 5.1.2.4 or later. After updating, manually verify that IPCPassword is specified in the global config and set it if it is not, since the update itself does not restore a password that an affected version already removed. As a temporary workaround, restrict access to the IPC interface (for example, keep it bound to localhost only) to minimize the risk of exploitation.
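The following Python model, added here for illustration and not taken from ArchiSteamFarm's C# code base, shows the config-update semantics the description refers to: a replace-the-whole-object update that loses IPCPassword when the client omits it, next to an update that carries the existing password over, plus the post-update check the recommendation asks for. The key names IPC and IPCPassword are ASF's real global-config keys; the function names, the sample config and the request body are constructed for the example.

```python
"""Illustrative model of the POST /Api/ASF IPCPassword bug and its fix.

Added example for this page, not ArchiSteamFarm's own code: function
names, the sample config and the request body are all constructed.
"""
import json
from typing import Any, Dict

# Constructed stand-in for an existing global config (ASF.json); the
# password value is made up for the example.
EXISTING_CONFIG: Dict[str, Any] = {
    "IPC": True,
    "IPCPassword": "example-password",
    "SteamOwnerID": 0,
}

# Constructed body of a POST /Api/ASF request that changes one setting
# and, as many clients would, does not mention IPCPassword at all.
UPDATE_REQUEST: Dict[str, Any] = {
    "GlobalConfig": {
        "IPC": True,
        "SteamOwnerID": 76561198000000000,
    }
}


def update_global_config_vulnerable(existing: Dict[str, Any],
                                    request: Dict[str, Any]) -> Dict[str, Any]:
    """Buggy behaviour described in the advisory: the submitted GlobalConfig
    becomes the new config as-is, so a field the client omitted
    (IPCPassword here) is silently dropped from the result."""
    return dict(request["GlobalConfig"])


def update_global_config_fixed(existing: Dict[str, Any],
                               request: Dict[str, Any]) -> Dict[str, Any]:
    """Corrected behaviour (a hypothetical model of the 5.1.2.4 fix): when
    the request does not mention IPCPassword at all, the previously
    configured password is carried over. A request that explicitly sends the
    key, even with an empty value, is still honoured as an intentional
    change."""
    new_config = dict(request["GlobalConfig"])
    if "IPCPassword" not in new_config and existing.get("IPCPassword"):
        new_config["IPCPassword"] = existing["IPCPassword"]
    return new_config


def ipc_password_is_set(config: Dict[str, Any]) -> bool:
    """The post-update check the advisory recommends: True only if
    IPCPassword is present and is a non-empty string."""
    password = config.get("IPCPassword")
    return isinstance(password, str) and password != ""


def audit_config_text(config_text: str) -> str:
    """Audit a config file's JSON text (e.g. the contents of ASF.json) and
    return a short verdict. With IPC disabled there is no interface to
    protect; IPC enabled without a password is the risky state."""
    config = json.loads(config_text)
    if not config.get("IPC", False):
        return "ok: IPC interface disabled"
    if ipc_password_is_set(config):
        return "ok: IPC enabled and IPCPassword set"
    return "WARNING: IPC enabled but IPCPassword missing or empty"


if __name__ == "__main__":
    lost = update_global_config_vulnerable(EXISTING_CONFIG, UPDATE_REQUEST)
    kept = update_global_config_fixed(EXISTING_CONFIG, UPDATE_REQUEST)
    print("vulnerable update:", audit_config_text(json.dumps(lost)))
    print("fixed update:     ", audit_config_text(json.dumps(kept)))
```

Running the script prints a WARNING for the vulnerable path and an ok verdict for the fixed one. The audit function is also the shape of the manual check recommended above: point it at the text of your ASF.json after updating and act on a WARNING by setting IPCPassword.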

Exploit

Fix

Weakness Enumeration

Improper Authentication

Missing Authentication

Related Identifiers

CVE-2021-32794
GHSA-WXX4-66C2-VJ2V

Affected Products

Archisteamfarm