Add apps to packages 0, 61, 62 with /store/ajaxpackagemerge
High
Valve
Team Summary
Official summary from Valve
The ajaxpackagemerge API incorrectly allowed partners to add their own apps to certain Valve administrative packages. This can be further leveraged to generate CD key ranges for these administrative packages. The API access control was corrected.
Reported by: lolcanyouexplainagainpleaselol
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Improper Access Control - Generic