Counter-Strike 2

༻︻デ 一♣ Dec 11, 2023 @ 5:58am
HUGE SECURITY EXPLOIT IN CS2 RIGHT NOW⚠️
Apparently, there is a security exploit with Steam names inside CS2, which allows for people to change visual stuff inside the game with a simple HTML code linking an image.

It's also speculated people could potentially do things like run code on your computer or get access to your steam account this way. I DID NOT see anyone do this, it's speculation from people who know much more than me.

This should be fixed very fast but what a huge oversight from Valve, maybe it's better to just not open CS2 while this is not fixed.
Last edited by ༻︻デ 一♣; Dec 11, 2023 @ 6:00am
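An added example, not part of the original thread and not Valve's code: the bug class described in the post above (a display name interpreted as markup, so an embedded image tag is fetched from a remote host) shown next to the escaped form, with a small audit helper. The function names, the sample name and the `example.invalid` host are assumptions constructed for illustration.

```javascript
// Constructed sample: a display name carrying an image tag (placeholder host).
const SAMPLE_HOSTILE_NAME = 'player<img src="https://example.invalid/x.png">';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that can open a tag, an attribute value or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the player-controlled name is concatenated into markup.
function renderNameUnsafe(name) {
  return `<span class="player-name">${name}</span>`;
}

// Hardened pattern: the name is always treated as text, never as markup.
function renderNameSafe(name) {
  return `<span class="player-name">${escapeHtml(name)}</span>`;
}

// Audit helper: URLs in src attributes of tags found in the markup, i.e.
// resources a renderer would request on its own while drawing the name.
function remoteFetchTargets(markup) {
  const targets = [];
  const tagRe = /<[a-z][^>]*>/gi;
  const srcRe = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const tag of markup.match(tagRe) || []) {
    for (const m of tag.matchAll(srcRe)) {
      targets.push(m[1] ?? m[2] ?? m[3]);
    }
  }
  return targets;
}

// Regression check: which names would cause a fetch under a given renderer?
function namesThatTriggerFetch(names, render) {
  return names.filter((n) => remoteFetchTargets(render(n)).length > 0);
}
```

Each such fetch reaches a host chosen by whoever set the name, which is how the viewer's IP address ends up in that host's request log.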
Showing 91-105 of 228 comments
Originally posted by PEPE OSEPE:
Originally posted by coda:
Is it your own rumor?
You can inject code (probably javascript) which executes logical commands. So this could be very possible and you should be careful.
how is js injected pls explain?
Mr. Rubber Ducky Dec 11, 2023 @ 12:20pm 
the worst you can do is log people's ip but that's about it. unless people discover a way to inject executable code either due to a faulty image library or something else, this is just a funny way to show something inappropriate to people
Originally posted by Tr!b3:
https://youtu.be/1TWeeTfTfXs?si=N568RU0fik8AiO5n
Thanks for the video. Holy ♥♥♥♥.
Mr. Rubber Ducky Dec 11, 2023 @ 12:23pm 
Originally posted by Tr!b3:
https://youtu.be/1TWeeTfTfXs?si=N568RU0fik8AiO5n
the community maps serving malicious downloads have been a thing for a while, valve refuses to fix security vulnerabilities like this since tf2 days.
༻︻デ 一♣ Dec 11, 2023 @ 12:25pm 
VALVE is so freakin rich and shLait like this still happens ♥♥♥♥♥♥♥♥
I warned people 3 months ago.
༻︻デ 一♣ Dec 11, 2023 @ 12:26pm 
did you?
bus Dec 11, 2023 @ 12:29pm 
i think jrt is problematic for u and me :steamthis:
gOoD Dec 11, 2023 @ 12:30pm 
How does Valve allow you to ignore such vulnerabilities?
Renos Dec 11, 2023 @ 12:34pm 
Originally posted by gOoD:
How does Valve allow you to ignore such vulnerabilities?
i mean for one
there's no real harm that can be done here,
the most you could do was IP lookup teammates
but even then
it would not ever return the actual address of the player just whatever routing node they are going through
even better the one vid showing IPs had a few that are complete nonsense and just pulled off the internet to make it look legit
༻︻デ 一♣ Dec 11, 2023 @ 12:36pm 
With IP you can do A LOT
Mr. Rubber Ducky Dec 11, 2023 @ 12:39pm 
To remind you guys:
- Valve ignored security researchers working on their bounty program, blocking them from it or downright revoking their access completely from it for reporting very critical security vulnerabilities which are still unfixed
- Remote code execution attacks after joining a server or before even joining a server were present since CS:GO days and were abused out in the wild to the point where security researchers had to publicly warn people about it (was never fixed to my knowledge)
- If valve fixed an issue from bounty program, they didn't pay out the security researchers their bounties for finding the security vulnerability
- Valve nearly always rejected security researchers' proposals on a fix

...and to remind you guys of what happened in cs:go:
- CS:GO still executed malicious files if given the chance after joining a server
- Remote code execution just by pinging a server from Server Browser, or connecting to one that allowed attackers to do basically anything they want (ex. open calculator, run cmd/ps with payload) - this is still affecting Source games like Team Fortress 2 (afaik, maybe they finally fixed it lol but clearly not I guess)

+ there was even more which I forgot about, i'm pretty sure it's still on their hacker bounty board which they left in a ditch or completely scrapped after losing all trust from talented security researchers.

This company isn't perfect and shouldn't be held in such a high praise, unsanitized user input in UI is just a tip of the iceberg, the lower you descend, the more you start noticing how painfully unsecure this game is to the point where it feels like walking on thin ice on anything that isn't a valve server.
Mr. Rubber Ducky Dec 11, 2023 @ 12:41pm 
Originally posted by ދަ އެބިސް އެވެ:
With IP you can do A LOT
No, the worst you can do with an IP address is DDoS someone or grab their approximate location which is usually where your ISP datacenter is. You can't do anything else with it, and well it's not like it's really that much private information (classified as personal in EU iirc) as any website you visit needs your IP Address in the first place.
Last edited by Mr. Rubber Ducky; Dec 11, 2023 @ 12:42pm
Let me interject this info to you. I have had internet problems since this exploit had been executed on my system. There is more to come in why this was overlooked and it's because Valve used the steam users to test the game. This means that the game was never looked at by a security engineer. This also means that it did not get tested for Remote code execution on your pc from a remote host connecting through your game. This is a bigger problem. I had proof that my machine was hacked with the use of cs2 and tried to warn people in October.
I also told you that the source 2 engine leak is the biggest issue in this problem from a few years ago.
Last edited by ÐîGîTå£|Ãg€ñ†کmïth; Dec 11, 2023 @ 12:43pm

Date Posted: Dec 11, 2023 @ 5:58am
Posts: 228