
3 matches found

OSV
added 2021/05/25 6:42 p.m. | 19 views

GHSA-74XM-QJ29-CQ8P: In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication

Impact: Data channel communication was incorrectly allowed with users who have failed DTLS certificate verification. This attack requires that the attacker knows the ICE password, and it can only take place during the PeerConnection handshake. This attack can be detected by monitoring PeerConnectionState in all versions ...

CVSS: 5.3 | AI score: 5.1 | EPSS: 0.00677
Exploits: 1 | References: 7
Github Security Blog
added 2021/05/25 6:42 p.m. | 57 views

In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication

Impact: Data channel communication was incorrectly allowed with users who have failed DTLS certificate verification. This attack requires that the attacker knows the ICE password, and it can only take place during the PeerConnection handshake. This attack can be detected by monitoring PeerConnectionState in all versions ...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00677
Exploits: 1 | References: 7 | Affected Software: 1
Hacker One
added 2019/04/08 9:20 a.m. | 68 views

Slack: Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack

Affects: Janus DTLS certificate. Description: The Janus server in use by Slack is configured using a certificate and private key that were previously distributed by default. This certificate is used to authenticate the DTLS connection which is later used to exchange keys for the SRTP stream. As a...

AI score: 0.1
Exploits: 0