Vulnerabilities > CVE-2021-28681 - Incorrect Authorization vulnerability in Webrtc Project Webrtc

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

webrtc-project

CWE-863

NVD

Published: 2021-03-18

Updated: 2021-03-25

Summary

Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn't allow the user to continue if verification has failed.)

Vulnerable Configurations

Part	Description	Count
Application	Webrtc_Project Webrtc Project Webrtc -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://github.com/pion/webrtc/issues/1708
https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p