Closed
Bug 1169066
Opened 9 years ago
Closed 9 years ago
WebRTC is leaking internal IP addresses without authorization
Categories
(Core :: WebRTC: Signaling, defect)
Core
WebRTC: Signaling
Tracking
()
RESOLVED
DUPLICATE
of bug 959893
People
(Reporter: BenB, Unassigned)
Details
Reproduction: 1. Go to https://diafygi.github.io/webrtc-ips/ Actual result: * You see all your internal IP addresses * You see your public IP address, even if you have a proxy configured and "remote dns" enabled. Expected result: * I see an authorization prompt (similar to the one for access to mic and webcam) * Even then, internal IP addresses NEVER leak outside the internal network. Neither do public addresses, if I have a proxy configured. Severity: * This is critical for privacy. I route all my traffic through a proxy, for anonymization. This completely unveils me. * This is currently being used in a widespread attack on routers as a vector to find the router. Reportedly, the router attack works from a browser by just visiting a website. http://www.heise.de/newsticker/meldung/Exploit-Kit-greift-ueber-50-Router-Modelle-an-2665387.html (in German) Thus, this fulfills the criteria for Severity: Critical
Reporter | ||
Comment 1•9 years ago
|
||
ticking and unticking security flag, to make it appear in filters. This should not be hidden, because the exploit is already public.
Group: core-security
Reporter | ||
Updated•9 years ago
|
Group: core-security
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•