PT-2021-24431 · Unknown · Steam Socialite Provider

Published: 2021-01-29 · Updated: 2021-01-29

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: Steam Socialite Provider versions 1.x
Description: The issue arises in the outdated version 1 of the Steam Socialite Provider, which fails to properly verify that the login originates from steamcommunity.com. This allows a malicious actor to substitute their own OpenID server.
Recommendations: For versions 1.x, upgrade to version 3 or 4, which use a hardcoded endpoint to verify the login.
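
The check that the recommendation refers to, as an added example rather than the package's own code: the verification endpoint is a constant, and the provider named in the callback is only compared against it. The function names, the endpoint URL, the claimed_id pattern and the sample parameters are assumptions of this example.

```php
<?php // Added example with assumed names; not the Steam Socialite Provider source.
const STEAM_OPENID_ENDPOINT = 'https://steamcommunity.com/openid/login';

// Return the pinned endpoint, or throw if the callback names another provider.
// PHP rewrites "openid.op_endpoint" in the query string to "openid_op_endpoint".
function pinnedEndpoint(array $params): string
{
    $named = $params['openid_op_endpoint'] ?? null;
    if (!is_string($named) || $named !== STEAM_OPENID_ENDPOINT) {
        throw new RuntimeException('response names an unexpected OpenID provider');
    }
    return STEAM_OPENID_ENDPOINT;
}

// Accept a 17-digit Steam ID only from an identity URL on steamcommunity.com.
function steamIdFromClaimedId(array $params): string
{
    $claimed = $params['openid_claimed_id'] ?? null;
    if (!is_string($claimed)
        || !preg_match('#^https://steamcommunity\.com/openid/id/(\d{17})$#D', $claimed, $m)) {
        throw new RuntimeException('claimed_id is not a Steam identity URL');
    }
    return $m[1];
}

// Build the check_authentication request; its target never comes from the callback.
function buildVerification(array $params): array
{
    $fields = [];
    foreach ($params as $key => $value) {
        if (is_string($value) && strncmp((string) $key, 'openid_', 7) === 0) {
            $fields['openid.' . substr((string) $key, 7)] = $value;
        }
    }
    $fields['openid.mode'] = 'check_authentication';
    return ['url' => pinnedEndpoint($params), 'steam_id' => steamIdFromClaimedId($params),
            'body' => http_build_query($fields)];
}

// Constructed callback parameters (not captured traffic).
$genuine = ['openid_mode' => 'id_res', 'openid_op_endpoint' => STEAM_OPENID_ENDPOINT,
    'openid_claimed_id' => 'https://steamcommunity.com/openid/id/76561198000000001'];
$forged = ['openid_op_endpoint' => 'https://openid.example.invalid/login'] + $genuine;
foreach (['genuine' => $genuine, 'forged' => $forged] as $label => $params) {
    try {
        $req = buildVerification($params);
        echo "$label: verify {$req['steam_id']} at {$req['url']}\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected, {$e->getMessage()}\n";
    }
}
```

The login is accepted only after the body is POSTed to the pinned URL and the reply contains is_valid:true; that HTTP call is left out so the example runs offline.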

Weakness Enumeration: Origin Validation Error

Related Identifiers: GHSA-HHW9-35P2-Q2C5

Affected Products: Steam Socialite Provider