Sandro Gauci, Enable Security
Jitsi Meet on Docker default passwords - how bad is it, how to detect and fix it
Last updated on Apr 20, 2020 in xmpp security, jitsi meet, research, webrtc security, default passwords
Executive summary (TL;DR) Jitsi Meet on Docker contained default passwords for important users, which could be abused to run administrative XMPP commands, including shutting down the server, changing the administrative password and loading Prosody modules. We also provide instructions on how to check for this issue if you administer a Jitsi Meet server. Background story A few days ago we noticed a tweet by @joernchen mentioning something that sounded familiar, Jitsi.…
Read more »Sandro Gauci, Enable Security
How we abused Slack’s TURN servers to gain access to internal services
Last updated on Apr 6, 2020 in webrtc security, bug bounty, research, stunner
Executive summary (TL;DR) Slack’s TURN server allowed relaying of TCP connections and UDP packets to internal Slack network and meta-data services on AWS. And we were awarded $3,500 for our bug-bounty report on HackerOne. A very brief introduction to the TURN protocol The Wikipedia page for this protocol is somewhat handy because it explains that: Traversal Using Relays around NAT (TURN) is a protocol that assists in traversal of network address translators (NAT) or firewalls for multimedia applications.…
Read more »