Hello,
I have identified a critical security vulnerability in ex_webrtc: after the DTLS Finished message exchange is completed, the program does not properly verify whether the peer certificate's fingerprint matches the fingerprint negotiated in the SDP. This vulnerability enables man-in-the-middle attacks and leads to the exposure of subsequent SRTP keys, among other severe consequences. The following is detailed information.
Version: Github commit edd7530
For observation purposes, we first inserted some logging functions (which do not affect normal program functionality):
lib/ex_webrtc/dtls_transport.ex
Running ex_webrtc:
docker pull elixir:1.17
docker rm -f exwebrtc-echo-8866 2>/dev/null || true
docker run --rm -d --name exwebrtc-echo-8866 \
-p 8866:8829 \
-v "$PWD:/work" \
-w /work/examples/echo \
elixir:1.17 \
bash -lc "mix local.hex --force && mix local.rebar --force && mix deps.get && mix run --no-halt"
PoC Verification Script:
We implemented a simple poc.py script as a proof of concept. This script tampers with the fingerprint in the SDP offer, intentionally causing a mismatch between the actual certificate hash and the SDP declaration:
aiortc_client.py
python aiortc_client.py --ws-url ws://127.0.0.1:8866/ws --run-seconds 3 --timeout 30 --tamper-offer-fingerprint
From the logging output, we discovered a critical issue: the logs show a=fingerprint:sha-256 00:00:... followed by Connection state changed: connected. This confirms that even when the peer forges the fingerprint, ex_webrtc performs no validation whatsoever, it still accepts the connection and proceeds with the negotiation normally.
Upon reviewing the code, we identified that the core issue resides in lib/ex_webrtc/dtls_transport.ex
Hello,
I have identified a critical security vulnerability in ex_webrtc: after the DTLS Finished message exchange is completed, the program does not properly verify whether the peer certificate's fingerprint matches the fingerprint negotiated in the SDP. This vulnerability enables man-in-the-middle attacks and leads to the exposure of subsequent SRTP keys, among other severe consequences. The following is detailed information.
Version: Github commit edd7530
For observation purposes, we first inserted some logging functions (which do not affect normal program functionality):
lib/ex_webrtc/dtls_transport.exRunning ex_webrtc:
PoC Verification Script:
We implemented a simple poc.py script as a proof of concept. This script tampers with the fingerprint in the SDP offer, intentionally causing a mismatch between the actual certificate hash and the SDP declaration:
aiortc_client.py
From the logging output, we discovered a critical issue: the logs show a=fingerprint:sha-256 00:00:... followed by Connection state changed: connected. This confirms that even when the peer forges the fingerprint, ex_webrtc performs no validation whatsoever, it still accepts the connection and proceeds with the negotiation normally.
Upon reviewing the code, we identified that the core issue resides in
lib/ex_webrtc/dtls_transport.ex