ValveSoftware / csgo-osx-linux

Counter-Strike: Global Offensive
http://counter-strike.net

Panorama/Voice Chat IP pulling issue 😬 #2721

Open dweee opened 3 years ago

dweee commented 3 years ago

Please describe your issue in as much detail as possible:

There seems to be a Panorama/voice chat related vulnerability going around which allows people to pull IP addresses of pre-game lobby members. I have no further information on how it works apart from the fact that it seems to be lobby voice chat related and that the game does this naturally without any external assistance.

Steps for reproducing this issue:

  1. Be in a lobby with someone.
  2. Run a packet sniffer/analyser of your choice.
     2a. Speak in the lobby (usually works for me)
  3. Look at the packets with the type CLASSIC-STUN
  4. Search for any external IP address, look it up and it should be the public IP of the other person in your lobby.

Or just watch this video

There are cheats and scripts for cheats that are being/have been developed to just extract this information straight from the game. This has apparently been in the game since the Scaleform days.

If this isn't fixed, which to my understanding would require the p2p pre-game lobby voice chat to either go through Valve or require Valve to host some sort of server for this, could there be some sort of in-game option to disable the voice chat and any other functions which cause the IP leak to occur in the first place?

CheesecakeCG commented 2 years ago

As far as I can tell, this only works when you're friends and you have the "Steam Networking" setting configured to share your IP.