all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms

Add to bookmarks
April 8, 2022, 9:01 a.m. | info@enablesecurity.com (Enable Security)

Real-time communications security on Communication Breakdown - Real-Time Communications Security www.rtcsec.com

Executive summary (TL;DR) Exploiting CVE-2022-0778 in a WebRTC context requires that you get a few things right first. But once that is sorted, DoS (in RTC) is the new RCE!
How I got social engineered into looking at CVE-2022-0778 A few days ago, Philipp Hancke, self-proclaimed purveyor of the dark side of WebRTC, messaged me privately with a very simple question: “are you offering a DTLS scanner by chance?”
He explained how in the context of WebRTC it would be …

bug cve cve-2022-0778 openssl platforms webrtc

Visit resource

More from www.rtcsec.com / Real-time communications security on Communication Breakdown - Real-Time Communications Security

March 2024: Webex leak, WhatsApp and Apple WebRTC vulnerabilities 3 weeks ago | www.rtcsec.com
apple call end exploits +18
February 2024: manipulating audio using LLM, malware using CPaaS and WebRTC security 1 month, 2 weeks ago | www.rtcsec.com
audio community conversations cpaas +20
January 2024: Critical WebRTC, CUCM and SIP ALG security fixes - fuzz it all and … 2 months, 2 weeks ago | www.rtcsec.com
alg back chromium critical +20
December 2023: Round-up of this year's VoIP and WebRTC security news, and DTLS hello race … 3 months, 3 weeks ago | www.rtcsec.com
community december dtls emails +10
November 2023: Advisories for VoIP systems and devices, WebRTC privacy and spying on your calls 4 months, 2 weeks ago | www.rtcsec.com
arm asterisk caught communications +21
October 2023: security theatre and PBX hacking, plus last month's advisories 5 months, 3 weeks ago | www.rtcsec.com
con def def con end +11
September 2023: Security advisories, SIP & DTLS-SRTP interoperability and 5G infra attacks 6 months, 2 weeks ago | www.rtcsec.com
amp attack attacks delivery +20
August 2023: Join OpenSIPit, learn about Zoom, Skype vulnerabilities, and more 7 months, 2 weeks ago | www.rtcsec.com
august holidays hope latest +7
July 2023: VoIP and WebRTC attack surface, pentesting for 2023 and VoIP DDoS attacks 8 months, 3 weeks ago | www.rtcsec.com
attack attacks attack surface back +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Information Systems Security Officer (ISSO), Junior

@ Dark Wolf Solutions | Remote / Dark Wolf Locations
View on infosec-jobs.com

Cloud Security Engineer

@ ManTech | REMT - Remote Worker Location
View on infosec-jobs.com

SAP Security & GRC Consultant

@ NTT DATA | HYDERABAD, TG, IN
View on infosec-jobs.com

Security Engineer 2 - Adversary Simulation Operations

@ Datadog | New York City, USA
View on infosec-jobs.com
View more jobs