{"id":37648,"date":"2025-01-28T16:07:59","date_gmt":"2025-01-28T16:07:59","guid":{"rendered":"https:\/\/dejan.au\/index.php\/2025\/01\/28\/csgo-exploit-allows-hackers-to-steal-passwords-and-valve-hasnt-fixed-it-dexerto\/"},"modified":"2025-01-28T16:07:59","modified_gmt":"2025-01-28T16:07:59","slug":"csgo-exploit-allows-hackers-to-steal-passwords-and-valve-hasnt-fixed-it-dexerto","status":"publish","type":"post","link":"https:\/\/dejan.au\/index.php\/2025\/01\/28\/csgo-exploit-allows-hackers-to-steal-passwords-and-valve-hasnt-fixed-it-dexerto\/","title":{"rendered":"CSGO exploit allows hackers to steal passwords, and Valve hasn\u2019t fixed it &#8211; Dexerto"},"content":{"rendered":"<p>CSGO exploit allows hackers to steal passwords, and Valve hasn\u2019t fixed it ValveCSGO players have been warned about a problematic exploit that allows hackers to steal passwords. Valve has apparently known about it for months and still not fixed it. The Secret Club, a not-for-profit reverse-engineering group, discovered the exploit more than two years ago. They claim to have brought it to Valve\u2019s attention back then. However, it has never been acknowledged, let alone fixed. Now, they\u2019ve decided to finally open up about it after claiming Valve has prevented them from publicly disclosing it for years. The first post pointed out the exploit allows hackers to access a user\u2019s data using Steam invites. It\u2019s tied to a remote code execution flaw that affects all source engine games, including CSGO. Read More: How to fix CSGO sensitivity bug &#8211; \u201cTwo years ago, secret club member @floesen_ reported a remote code execution flaw affecting all source engine games. It can be triggered through a Steam invite. This has yet to be patched, and Valve is preventing us from publicly disclosing it.\u201d Two years ago, secret club member @floesen_ reported a remote code execution flaw affecting all source engine games. It can be triggered through a Steam invite. This has yet to be patched, and Valve is preventing us from publicly disclosing it. pic.twitter.com\/0FWRvEVuUX \u2014 secret club (@the_secret_club) April 10, 2021 Unfortunately, that\u2019s only the beginning. A hacker can use the remote code execution flaw to practically do anything they want on a user\u2019s system, including accessing data and running programs. \u201cOn the topic of our previous thread, we have @brymko @cffsmith @scannell_simon showcasing their remote code execution 0-day for CSGO. This has been reported to Valve months ago, but they have neither paid them nor acknowledged the exploit.\u201d On the topic of our previous thread, we have @brymko @cffsmith @scannell_simon showcasing their remote code execution 0-day for CS:GO. This has been reported to Valve months ago, but they have neither paid them nor acknowledged the exploit. pic.twitter.com\/yGUJTZZzrO \u2014 secret club (@the_secret_club) April 10, 2021 Last but not least, they revealed the scariest news of all. Hackers can also host community servers, send remote code executions to everyone in the lobby, and run a script to steal their passwords and skins, and even infect their hard drive with malware. \u201cThird times a charm; @the_secret_club member mev showcases their remote code execution 0-day for CSGO. This has been reported to Valve 5 months ago with no response from Valve.\u201d Third times a charm; @the_secret_club member mev showcases their remote code execution 0-day for CS:GO. This has been reported to Valve 5 months ago with no response from Valve. pic.twitter.com\/Jw8icRPh3j \u2014 secret club (@the_secret_club) April 10, 2021 It\u2019s bad enough that the exploit exists. Players will have to think twice about playing CSGO if they care about their data. However, it\u2019s more concerning that Valve has supposedly known about it for a while now and not fixed it, let alone swept it under the rug. They are yet to issue a statement on the matter. If you are concerned about giving away your precious data booting up CS:GO, you might have stay away from the game for now.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSGO exploit allows hackers to steal passwords, and Valve hasn\u2019t fixed it ValveCSGO players have been warned about a problematic exploit that allows hackers to steal passwords. Valve has apparently known about it for months and still not fixed it. The Secret Club, a not-for-profit reverse-engineering group, discovered the exploit more than two years ago. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-37648","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/posts\/37648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/comments?post=37648"}],"version-history":[{"count":0,"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/posts\/37648\/revisions"}],"wp:attachment":[{"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/media?parent=37648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/categories?post=37648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/tags?post=37648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}