[<prev] [next>] [day] [month] [year] [list]
Message-Id: <c6123e7a-98a4-41f7-aa50-fa0bbf818fb5@app.fastmail.com>
Date: Tue, 22 Oct 2024 09:17:53 +0200
From: Sandro Gauci via Fulldisclosure <fulldisclosure@...lists.org>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] [RESEARCH] DTLS 'ClientHello' Race Conditions in WebRTC
Implementations
Dear Full Disclosure community,
We've released a white paper detailing a critical vulnerability affecting multiple WebRTC implementations: "DTLS 'ClientHello' Race Conditions in WebRTC Implementations".
White paper: https://www.enablesecurity.com/research/webrtc-hello-race-conditions-paper.pdf
Key points:
1. Vulnerability: Failure to properly verify the origin of DTLS "ClientHello" messages in WebRTC sessions.
2. Impact: Potential for denial of service attacks.
3. Affected implementations (all Open-Source projects have been patched in latest versions):
- RTPEngine
- Asterisk
- FreeSWITCH
- Skype (PSTN)
4. Tested but not vulnerable:
- Janus, Discord, Dolby.io, Facebook Messenger, Google Meet, LiveKit Meet, Webex, Zoho Meeting, Zoom, Mediasoup
5. Root cause: Not a specification bug, but a common implementation oversight.
Methodology:
- Extensive testing on open-source and proprietary WebRTC implementations
- Focus on media servers and popular communication platforms
This research expands on our previous blog post, providing more comprehensive details and analysis.
We invite the community to review our findings, methodology, and recommendations. Your feedback and further research into WebRTC security is welcome.
--
Sandro Gauci, CEO at Enable Security GmbH
Register of Companies: AG Charlottenburg HRB 173016 B
Company HQ: Neuburger Straße 101 b, 94036 Passau, Germany
RTCSec Newsletter: https://www.rtcsec.com/subscribe
Our blog: https://www.rtcsec.com
Other points of contact: https://www.enablesecurity.com/contact/
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists