Difference between revisions of "DBSA:2014-0003"

From Digibase Knowledge Base
Jump to: navigation, search
(Created page with "{{DBSAHEAD | TITLE=Valve Anti-Cheat System (VAC) Scans Windows DNS Caches | KEYWORDS=Valve, Steam, Information Disclosure, DNS }} '''DBSA ID:''' {{PAGENAME}} '''Regarding:''...")
 
 
(4 intermediate revisions by the same user not shown)
Line 24: Line 24:
 
'''Severity:''' LOW
 
'''Severity:''' LOW
  
'''Rationale:''' Information submitted is hashed.
+
'''Rationale:''' Information submitted is hashed prior to submission
  
 
'''Spread of Issue:''' SINGLE-PLATFORM MODERATE
 
'''Spread of Issue:''' SINGLE-PLATFORM MODERATE
Line 31: Line 31:
  
 
==Description==
 
==Description==
Steam is a game software platform developed and published by the Valve Corporation that is capable of playing multiple games through a single common platform. Recently there was a disclosure that the Valve Anti-Cheat System (VAC) acquires the content of the Windows DNS cache and processes it. Each entry is hashed and submitted to Valve-controlled servers likely for the purpose of checking to ensure cheats or malicious websites are not being utilized.
+
Steam is a game software platform developed and published by the Valve Corporation that is capable of playing multiple games through a single common platform. Recently there was a disclosure that the Valve Anti-Cheat System (VAC) acquires the content of the Windows DNS cache and processes each entry sequentially. Each entry is hashed and submitted to Valve-controlled servers likely for the purpose of checking to ensure cheats or malicious websites are not being utilized to tamper with the platform. Notwithstanding the hashing, this has the effect of disclosing information about what websites are visited and possibly provides a method of statistical analysis of those visitations.
  
Processing prior to submission is hashed via md5 and submitted to the VAC servers.
+
The hashing algorithm utilized is md5.
  
 
==Mitigation/Solution==
 
==Mitigation/Solution==
Despite the fact this mechanism may have legitimate purpose, there is an uninformed information disclosure and should be approached with caution as any potential for disclosure.
+
Despite the fact this mechanism may have legitimate purpose, this is an uninformed information disclosure and should be approached with caution as any potential for disclosure.
  
If there are confidential or other similar websites that you have recently visited, to prevent potential disclosure of the number of websites you visit or potentially associating yourself with others that visit those sites, it is advised to clear your DNS cache:
+
If there are confidential or other similar websites that you have recently visited, to prevent potential disclosure of the number of websites you visit or potentially associating yourself with others that visit those sites, it is advised to clear your DNS cache prior to starting the Valve software:
  
 
'''Under Windows XP:'''
 
'''Under Windows XP:'''
 
* Press [Windows Key] + [R]
 
* Press [Windows Key] + [R]
* '''Enter into Run: '''cmd''' — hit enter.
+
* Enter into Run: '''cmd''' — hit enter.
 
* Enter into the Command Line: '''ipconfig /flushdns''' — hit enter
 
* Enter into the Command Line: '''ipconfig /flushdns''' — hit enter
 
* Close the Command Line and start Steam as normal.
 
* Close the Command Line and start Steam as normal.

Latest revision as of 10:47, 17 February 2014

Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.

Digibase Security Advisory - Valve Anti-Cheat System (VAC) Scans Windows DNS Caches

Keywords: Valve, Steam, Information Disclosure, DNS

DBSA ID: 2014-0003

Regarding: Valve Anti-Cheat System (VAC) Scans Windows DNS Caches

Writeup: Kradorex Xeron (talk) 10:30, 17 February 2014 (EST)

Date: 2014 02 17

Last Modified: 20140217104740 by Kradorex Xeron

Who should take note: All Steam Users

Classification

Priority: MODERATE

Rationale: Information is disclosed to a remote party without user awareness

Severity: LOW

Rationale: Information submitted is hashed prior to submission

Spread of Issue: SINGLE-PLATFORM MODERATE

Rationale: There are many users of the Steam game software platform under Windows

Description

Steam is a game software platform developed and published by the Valve Corporation that is capable of playing multiple games through a single common platform. Recently there was a disclosure that the Valve Anti-Cheat System (VAC) acquires the content of the Windows DNS cache and processes each entry sequentially. Each entry is hashed and submitted to Valve-controlled servers likely for the purpose of checking to ensure cheats or malicious websites are not being utilized to tamper with the platform. Notwithstanding the hashing, this has the effect of disclosing information about what websites are visited and possibly provides a method of statistical analysis of those visitations.

The hashing algorithm utilized is md5.

Mitigation/Solution

Despite the fact this mechanism may have legitimate purpose, this is an uninformed information disclosure and should be approached with caution as any potential for disclosure.

If there are confidential or other similar websites that you have recently visited, to prevent potential disclosure of the number of websites you visit or potentially associating yourself with others that visit those sites, it is advised to clear your DNS cache prior to starting the Valve software:

Under Windows XP:

  • Press [Windows Key] + [R]
  • Enter into Run: cmd — hit enter.
  • Enter into the Command Line: ipconfig /flushdns — hit enter
  • Close the Command Line and start Steam as normal.

Under Windows Vista/7:

  • Open the Start Menu
  • Enter into the bottom search box: command
  • Right Click Command Line and Start as Administrator (if UAC enabled), start normally otherwise.
  • Enter into the Command Line: ipconfig /flushdns — hit enter
  • Close the Command Line and start Steam as normal.

Under Windows 8/8.1:

  • Press [Windows Key] + [F]
  • Enter into the search box: cmd — hit enter
  • Right Click on the cmd result
  • Click the Advanced button at the bottom and Run as Administrator
  • Enter into the Command Line: ipconfig /flushdns — hit enter
  • Close the Command Line and start Steam as normal.

References