typpo / rfc5766-turn-server

Automatically exported from code.google.com/p/rfc5766-turn-server
1 stars 0 forks source link

REALM attribute value is not checked in the authorizaton request #104

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
The TURN client must include REALM attribute in the authorization/authetication 
request to the TURN server, and the value of that attribute must be the same as 
the one returned from the TURN server to the TURN client. While the TURN server 
does check the existence of the REALM attribute, it does not check its value. 
This is not a significant security whole - but this is a deviation from the 
STUN/TURN authentication mechanism.

Original issue reported on code.google.com by mom040...@gmail.com on 18 Feb 2014 at 6:27

GoogleCodeExporter commented 9 years ago
It will be fixed in 3.2.2.8

Original comment by mom040...@gmail.com on 18 Feb 2014 at 6:27

GoogleCodeExporter commented 9 years ago

Original comment by mom040...@gmail.com on 22 Feb 2014 at 8:32