3 matches found
GHSA-74XM-QJ29-CQ8P In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication
Impact Data channel communication was incorrectly allowed with users who have failed DTLS certificate verification. This attack requires Attacker knows the ICE password. Only take place during PeerConnection handshake. This attack can be detected by monitoring PeerConnectionState in all versions ...
In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication
Impact Data channel communication was incorrectly allowed with users who have failed DTLS certificate verification. This attack requires Attacker knows the ICE password. Only take place during PeerConnection handshake. This attack can be detected by monitoring PeerConnectionState in all versions ...
Slack: Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack
Affects: Janus DTLS certificate Description The Janus server in use by Slack is configured using a certificate and private key that were previously distributed by default. This certificate is used to authenticate the DTLS connection which is later used to exchange keys for the SRTP stream. As a...