
[FD] [RESEARCH] DTLS 'ClientHello' Race Conditions in WebRTC Implementations



Dear Full Disclosure community,

We've released a white paper detailing a critical vulnerability affecting 
multiple WebRTC implementations: "DTLS 'ClientHello' Race Conditions in WebRTC 
Implementations".

White paper: 
https://www.enablesecurity.com/research/webrtc-hello-race-conditions-paper.pdf

Key points:

1. Vulnerability: Failure to properly verify the origin of DTLS "ClientHello" 
messages in WebRTC sessions.
2. Impact: Potential for denial of service attacks.
3. Affected implementations (all Open-Source projects have been patched in 
latest versions):
   - RTPEngine
   - Asterisk
   - FreeSWITCH
   - Skype (PSTN)

4. Tested but not vulnerable:
   - Janus, Discord, Dolby.io, Facebook Messenger, Google Meet, LiveKit Meet, Webex, Zoho Meeting, Zoom, Mediasoup

5. Root cause: Not a specification bug, but a common implementation oversight.

Methodology:
- Extensive testing on open-source and proprietary WebRTC implementations
- Focus on media servers and popular communication platforms

This research expands on our previous blog post, providing more comprehensive 
details and analysis.

We invite the community to review our findings, methodology, and 
recommendations. Your feedback and further research into WebRTC security is 
welcome.

--

    Sandro Gauci, CEO at Enable Security GmbH

    Register of Companies:   AG Charlottenburg HRB 173016 B
    Company HQ:              Neuburger Straße 101 b, 94036 Passau, Germany
    RTCSec Newsletter:       https://www.rtcsec.com/subscribe
    Our blog:                https://www.rtcsec.com
    Other points of contact: https://www.enablesecurity.com/contact/
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
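The implementation oversight named in the announcement, as an added example that is not part of the post or of any of the listed projects: a minimal WebRTC-style packet demultiplexer that accepts a DTLS record (including the ClientHello that starts the handshake) only from the address ICE has already validated, next to the permissive behaviour that lets the first ClientHello to arrive bind the session. The addresses, the ICE callback and the packet bytes are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Addr = Tuple[str, int]

# Constructed DTLS 1.2 record: content type 22 (handshake), version 0xfefd,
# 13-byte record header, then handshake msg_type 1 (client_hello).
CLIENT_HELLO = bytes([22, 0xFE, 0xFD]) + bytes(8) + b"\x00\x01" + b"\x01"


def classify(packet: bytes) -> str:
    """Demultiplex by first byte as RFC 7983 does: STUN / DTLS / RTP ranges."""
    if not packet:
        return "empty"
    b = packet[0]
    if b < 4:
        return "stun"
    if 20 <= b < 64:
        return "dtls"
    if 128 <= b < 192:
        return "rtp"
    return "unknown"


def is_client_hello(packet: bytes) -> bool:
    """Handshake record whose first handshake message is client_hello."""
    return len(packet) > 13 and packet[0] == 22 and packet[13] == 1


@dataclass
class MediaSession:
    # verify_origin=False reproduces the oversight: first ClientHello wins.
    verify_origin: bool = True
    ice_peer: Optional[Addr] = None   # set once an ICE connectivity check succeeds
    dtls_peer: Optional[Addr] = None  # address the DTLS handshake was bound to
    log: List[str] = field(default_factory=list)

    def on_ice_success(self, addr: Addr) -> None:
        self.ice_peer = addr

    def on_packet(self, addr: Addr, packet: bytes) -> str:
        kind = classify(packet)
        if kind != "dtls":
            return kind
        # Hardened path: DTLS is only meaningful on the ICE-validated 5-tuple,
        # so anything else is dropped before it can touch handshake state.
        if self.verify_origin and addr != self.ice_peer:
            self.log.append(f"dropped DTLS from {addr[0]}:{addr[1]}: not ICE peer")
            return "dropped"
        if self.dtls_peer is None and is_client_hello(packet):
            self.dtls_peer = addr  # handshake state now belongs to this sender
        return "accepted"
```

With `verify_origin=False` a ClientHello from an unrelated address that lands before ICE completes binds the handshake, which is the denial-of-service condition the paper describes; with the check on, it is logged and discarded.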