github.com/pion/webrtc is using an insecure certificate validation. A failed DTLS certificate verification does not fail data channel communication during PeerConnection handshake. The attack requires the attacker to have knowledge of the ICE password.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/pion/webrtc | le | 3.0.14 | |
github.com/pion/webrtc | le | 3.0.14 |