ArthurFiorette Steam-Trader Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing sensitive information exposure exists in ArthurFiorette Steam-Trader version 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to access highly sensitive Steam account data, including the account username, password, identity secret, and shared secret. Additionally, application logs reveal authentication artifacts such as access tokens, refresh tokens, and session identifiers. This information enables an attacker to generate valid Steam Guard (2FA) codes, hijack authenticated sessions, and gain full control over the affected Steam account, including unauthorized access to inventory and trading functionality.
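A mitigation sketch for the two exposure paths described above, as an added example that is not Steam-Trader's own code: an allowlist serializer for API responses and a deep redaction step for anything passed to the logger. The field names, the sample record and the functions toPublicUser, redact and safeLogLine are assumptions made for illustration, and the sketch complements rather than replaces requiring authentication on the endpoint.

```javascript
// Added example: all field names and values are constructed, not the project's.
const SENSITIVE_KEY = /password|secret|token|session/i;
const PUBLIC_FIELDS = ['id', 'displayName', 'status']; // hypothetical safe fields

// Allowlist serializer: only fields named in PUBLIC_FIELDS ever leave the API,
// so a newly added secret field is hidden by default instead of leaked by default.
function toPublicUser(account) {
  const out = {};
  for (const field of PUBLIC_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(account, field)) {
      out[field] = account[field];
    }
  }
  return out;
}

// Deep redaction for log payloads: returns a copy, never mutates the input.
// Objects already visited (repeated or circular references) are cut short.
function redact(value, seen = new WeakSet()) {
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return '[seen]';
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redact(v, seen));
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = SENSITIVE_KEY.test(key) ? '[REDACTED]' : redact(v, seen);
  }
  return out;
}

// Build the log line from the redacted copy only.
function safeLogLine(event, data) {
  return JSON.stringify({ event, data: redact(data) });
}

// Constructed sample record (every value is fake).
const sampleAccount = {
  id: 1,
  displayName: 'trader-01',
  status: 'online',
  login: 'example_login',
  password: 'example-password',
  sharedSecret: 'AAAA',
  identitySecret: 'BBBB',
  auth: { accessToken: 'x.y.z', refreshToken: 'r.s.t', sessionId: 'abc' },
};
```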

Impact

Exploitation of this vulnerability allows an attacker to access sensitive Steam account information, hijack authenticated sessions, and gain full control over the affected Steam account, including unauthorized access to inventory and trading features.

Added: Mar 30, 2026, 10:18 AM
Updated: Mar 30, 2026, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 7.4
remediation: 0.0
relevance: 4.9
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.