10 matches found
CVE-2021-28681
Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. A WebRTC implementation shouldn't allow the user to continue if verificatio...
GO-2021-0104 Authorization bypass in github.com/pion/webrtc/v3
Due to improper error handling, DTLS connections were not killed when certificate verification failed, causing users who did not check the connection state to continue to use the connection. This could allow an attacker who holds the ICE password, but not a valid certificate, to bypass th...
GHSA-74XM-QJ29-CQ8P In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication
Impact: Data channel communication was incorrectly allowed with users who have failed DTLS certificate verification. This attack requires that the attacker knows the ICE password, and it can only take place during the PeerConnection handshake. This attack can be detected by monitoring PeerConnectionState in all versions ...
In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication
Impact: Data channel communication was incorrectly allowed with users who have failed DTLS certificate verification. This attack requires that the attacker knows the ICE password, and it can only take place during the PeerConnection handshake. This attack can be detected by monitoring PeerConnectionState in all versions ...
CVE-2021-28681
Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. A WebRTC implementation shouldn't allow the user to continue if verificatio...
CVE-2021-28681
Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. A WebRTC implementation shouldn't allow the user to continue if verificatio...
Code injection
Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. A WebRTC implementation shouldn't allow the user to continue if verificatio...
CVE-2021-28681
Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. A WebRTC implementation shouldn't allow the user to continue if verificatio...
CVE-2021-28681
CVE-2021-28681 affects Pion WebRTC before 3.0.15. The vulnerability arises when a DTLS connection isn’t properly torn down after certificate verification fails; the PeerConnectionState is set to failed, but a user could continue to use the PeerConnection. Impact reported: data channel communicati...
Sean DuBois Pion WebRTC security vulnerability
Sean DuBois Pion WebRTC is an open source application from Sean DuBois. Pion WebRTC is a Go implementation of WebRTC. A security vulnerability exists in Pion WebRTC before 3.0.15, which stems from not properly closing DTLS connections...