Improper Authentication inside the Rockstar Games Launcher which leads to Account takeover to some extend

In this report, the researcher described a method for gaining access to a victim's Social Club account on Rockstar Games Launcher under the following conditions: 1. The attacker had already gained access to the victim's Steam or Epic Games account, 2. The victim had linked their Steam or Epic account with their Social Club account, 3. The victim owned a Rockstar Games game on Steam or Epic. When all the above conditions were met, the attacker would be able to gain access to the victim's Social Club profile within Rockstar Games Launcher via the Switch Account feature when attempting to launch the Steam/Epic game. This could result in account theft and abuse. To resolve this issue, we implemented and enabled enforcement of an additional auth token that verifies whether or not a user has recently signed in as the account they are attempting to switch to; if not, the user is prompted to log out and re-enter their credentials.