The TURN client must include the REALM attribute in the authorization/authentication
request to the TURN server, and the value of that attribute must be the same as
the one returned from the TURN server to the TURN client. While the TURN server
does check the existence of the REALM attribute, it does not check its value.
This is not a significant security hole - but this is a deviation from the
STUN/TURN authentication mechanism.
Original issue reported on code.google.com by mom040...@gmail.com on 18 Feb 2014 at 6:27
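The value check the report describes as missing, as an added example (not code from the TURN server project or from the reporter): it walks the attributes of a STUN/TURN request and compares the REALM value byte-for-byte with the realm the server advertised. The names `check_realm` and `build_sample`, the result enum, and the realm `example.org` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STUN_HEADER_LEN 20
#define STUN_ATTR_REALM 0x0014 /* REALM attribute type (RFC 5389) */

/* Hypothetical result codes for this example. */
enum realm_check { REALM_OK, REALM_MISSING, REALM_MISMATCH, REALM_MALFORMED };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Presence of REALM is not enough: its value must equal the server's realm. */
enum realm_check check_realm(const uint8_t *msg, size_t len, const char *server_realm)
{
    if (len < STUN_HEADER_LEN) return REALM_MALFORMED;
    size_t body = rd16(msg + 2); /* length of the attribute section */
    if (body % 4 != 0 || body != len - STUN_HEADER_LEN) return REALM_MALFORMED;
    for (size_t off = STUN_HEADER_LEN; off < len; ) {
        uint16_t type = rd16(msg + off);
        size_t vlen = rd16(msg + off + 2);
        off += 4;
        if (vlen > len - off) return REALM_MALFORMED;
        if (type == STUN_ATTR_REALM) {
            size_t want = strlen(server_realm);
            return (vlen == want && memcmp(msg + off, server_realm, want) == 0)
                       ? REALM_OK : REALM_MISMATCH;
        }
        off += (vlen + 3) & ~(size_t)3; /* values are padded to 4 bytes */
    }
    return REALM_MISSING;
}

/* Constructed sample: Allocate request (0x0003) carrying only a REALM attribute. */
size_t build_sample(uint8_t *out, const char *realm)
{
    size_t rlen = strlen(realm), padded = (rlen + 3) & ~(size_t)3;
    memset(out, 0, STUN_HEADER_LEN + 4 + padded);
    out[1] = 0x03;
    out[2] = (uint8_t)((4 + padded) >> 8); out[3] = (uint8_t)(4 + padded);
    memcpy(out + 4, "\x21\x12\xA4\x42", 4); /* magic cookie */
    out[21] = STUN_ATTR_REALM; out[22] = (uint8_t)(rlen >> 8); out[23] = (uint8_t)rlen;
    memcpy(out + 24, realm, rlen);
    return STUN_HEADER_LEN + 4 + padded;
}

int main(void) {
    uint8_t buf[128]; size_t n = build_sample(buf, "example.org");
    printf("%d %d\n", check_realm(buf, n, "example.org"), check_realm(buf, n, "other.example"));
    return 0;
}
```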