Steamworks game clients/servers using P2P authentication vulnerable to denial of service
Processing the raw ValidateAuthTicketResponse_t callback data panics when the m_eAuthSessionResponse field is k_EAuthSessionResponseAuthTicketNetworkIdentityFailure. This can lead to denial of service in game clients and servers using the begin_authentication_session API to authenticate players if a malicious game client sends an authentication ticket with a network identity that does not match that of the verifier.