TopVuln

High-risk vulnerability digests

CVE-2026-5128

  • CRITICAL

Details

CVSS v3: 10.0
CVSS v4: 10.0
CVSS v2: 10.0
NVD published: 2026-03-30 10:16:02
Affected versions: ArthurFiorette steam-trader 2.1.1
Summary
This unauthenticated information exposure vulnerability impacts the archived, unmaintained steam-trader project. Attackers can send crafted requests to an unprotected API endpoint to retrieve full Steam account credentials, 2FA secrets, and active authentication tokens from application logs. Exploitation allows attackers to hijack affected accounts and gain full access to inventory and trading functionality. No official patch is available as the project is no longer maintained.
Remediation
Organizations using this software should immediately migrate to a supported alternative solution. Remove the steam-trader application from all public-facing infrastructure to eliminate exposure. If immediate migration is not possible, restrict all network access to remaining instances to only trusted IP addresses.
Exploit info
No public exploit found yet.


Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.