ajaxgetachievementsforgame is not guarded for unreleased apps
Medium
V
Valve
Submitted None
Team Summary
Official summary from Valve
Due to an access control bug in the 'ajaxgetachievementsforgame' method, a public profile could accidentally expose achievement names, display names, and descriptions for unreleased games. The caller would need to find a player with achievements for the unreleased app.
Actions:
Reported by
j4ln
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$750.00
Submitted
Weakness
Information Disclosure