Valve is a game software company who makes popular software titles such as Half-Life and Counterstrike and distributes them through a program called Steam. It’s passwords are are encrypted with AES encryption using a key from a combination of 3 concatenated registry keys:
Using this decryption key it is possible to recover the password of your Steam that is stored in ClientRegistry.blob in your Steam install directory when you chose to “Remember my Password”.
During the coding of Steam Recover we came across a flaw in Steam’s login procedure in when you log in and don’t choose “Remember my Password” Steam will still store your password in the ClientRegistry.blob while you are logged in , thus making your password susceptible to being recovered by this same method.
STEAM CHANGED THE WAY THE PASSWORDS ARE SAVED THE DEMO BELOW NO LONGER WORKS
You can repeat this discovery by downloading our Demo version of :
and log into your steam account wait about 30 seconds and open Steam Recover and press “Recover Steam Password!” even though you didn’t select “Remember my Password” your password is still recovered.
This is not a major bug but might be a security risk in gaming centers and lan parties.