Message-Id: <c6123e7a-98a4-41f7-aa50-fa0bbf818fb5@app.fastmail.com>
Date: Tue, 22 Oct 2024 09:17:53 +0200
From: Sandro Gauci via Fulldisclosure <fulldisclosure@...lists.org>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] [RESEARCH] DTLS 'ClientHello' Race Conditions in WebRTC Implementations

Dear Full Disclosure community,

We've released a white paper detailing a critical vulnerability affecting multiple WebRTC implementations: "DTLS 'ClientHello' Race Conditions in WebRTC Implementations".

White paper: https://www.enablesecurity.com/research/webrtc-hello-race-conditions-paper.pdf

Key points:

1. Vulnerability: Failure to properly verify the origin of DTLS "ClientHello" messages in WebRTC sessions.
2. Impact: Potential for denial of service attacks.
3. Affected implementations (all open-source projects have been patched in their latest versions):
   - RTPEngine
   - Asterisk
   - FreeSWITCH
   - Skype (PSTN)

4. Tested but not vulnerable:
   - Janus, Discord, Dolby.io, Facebook Messenger, Google Meet, LiveKit Meet, Webex, Zoho Meeting, Zoom, Mediasoup

5. Root cause: Not a specification bug, but a common implementation oversight.

Methodology:
- Extensive testing on open-source and proprietary WebRTC implementations
- Focus on media servers and popular communication platforms

This research expands on our previous blog post, providing more comprehensive details and analysis.

We invite the community to review our findings, methodology, and recommendations. Your feedback and further research into WebRTC security are welcome.

--
 
    Sandro Gauci, CEO at Enable Security GmbH

    Register of Companies:       AG Charlottenburg HRB 173016 B
    Company HQ:                       Neuburger Straße 101 b, 94036 Passau, Germany
    RTCSec Newsletter:               https://www.rtcsec.com/subscribe
    Our blog:                                https://www.rtcsec.com
    Other points of contact:       https://www.enablesecurity.com/contact/
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
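
Added example, not part of the original message or of any listed project's code: a minimal sketch of the origin check named in key point 1, where a media server refuses to bind DTLS state to a "ClientHello" whose source has not been verified. It assumes the trusted origin is the address pair already validated by ICE (the message does not spell this out); the `MediaSession` class, its fields, the verdict strings and the sample addresses are hypothetical.

```python
import struct

DTLS_HANDSHAKE, CLIENT_HELLO = 22, 1   # record content type, handshake msg type

def is_client_hello(d: bytes) -> bool:
    """DTLS record header is 13 bytes: type, version(2), epoch(2), seq(6), length(2)."""
    if len(d) < 14 or d[0] != DTLS_HANDSHAKE or d[3:5] != b"\x00\x00":
        return False                    # not an epoch-0 (plaintext) handshake record
    (length,) = struct.unpack("!H", d[11:13])
    return length >= 12 and d[13] == CLIENT_HELLO

class MediaSession:
    """Hypothetical per-stream state; names are illustrative."""
    def __init__(self):
        self.ice_validated = set()      # assumption: (ip, port) pairs that passed ICE checks
        self.dtls_peer = None           # address the DTLS handshake is bound to

    def on_datagram(self, data: bytes, src) -> str:
        if not data or not 20 <= data[0] <= 63:
            return "not-dtls"           # RFC 7983: a DTLS datagram starts with 20..63
        if src not in self.ice_validated:
            return "drop"               # origin check: never create DTLS state here
        if is_client_hello(data) and self.dtls_peer is None:
            self.dtls_peer = src        # bind the handshake to the verified peer only
            return "handshake-started"
        return "dtls" if src == self.dtls_peer else "drop"

def sample_record(hs_type: int) -> bytes:
    """Constructed sample: DTLS 1.2 record holding a 12-byte handshake header, no body."""
    hs = bytes([hs_type]) + bytes(11)
    return bytes([DTLS_HANDSHAKE]) + b"\xfe\xfd" + bytes(8) + struct.pack("!H", len(hs)) + hs

def demo():
    s = MediaSession()
    peer = ("198.51.100.7", 40000)      # constructed: address validated by ICE
    other = ("203.0.113.9", 5555)       # constructed: address that never passed ICE
    s.ice_validated.add(peer)
    hello = sample_record(CLIENT_HELLO)
    # The unverified ClientHello arrives first and is dropped, so the
    # verified peer's ClientHello can still start the handshake.
    return [s.on_datagram(hello, other), s.on_datagram(hello, peer), s.dtls_peer]

if __name__ == "__main__":
    print(demo())
```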
