A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API end…

A critical vulnerability in ArthurFiorette steam-trader 2.1.1 allows unauthenticated attackers to access sensitive Steam account data through the /users API endpoint. Exposed data includes usernames, passwords, identity secrets, and shared secrets. Application logs also leak authentication tokens and session identifiers. This enables attackers to generate Steam Guard 2FA codes, hijack sessions, and gain full Steam account control including inventory and trading access. No fix is available as the repository is archived and unmaintained.