Closed Bug 1169066 Opened 7 years ago Closed 7 years ago
RTC is leaking internal IP addresses without authorization
Reproduction: 1. Go to https://diafygi.github.io/webrtc-ips/ Actual result: * You see all your internal IP addresses * You see your public IP address, even if you have a proxy configured and "remote dns" enabled. Expected result: * I see an authorization prompt (similar to the one for access to mic and webcam) * Even then, internal IP addresses NEVER leak outside the internal network. Neither do public addresses, if I have a proxy configured. Severity: * This is critical for privacy. I route all my traffic through a proxy, for anonymization. This completely unveils me. * This is currently being used in a widespread attack on routers as a vector to find the router. Reportedly, the router attack works from a browser by just visiting a website. http://www.heise.de/newsticker/meldung/Exploit-Kit-greift-ueber-50-Router-Modelle-an-2665387.html (in German) Thus, this fulfills the criteria for Severity: Critical
ticking and unticking security flag, to make it appear in filters. This should not be hidden, because the exploit is already public.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 959893
You need to log in before you can comment on or make changes to this bug.