In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
References
Link | Resource |
---|---|
https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-customers-ip-address-via-webrtc-bug/ | Third Party Advisory |
https://voidsec.com/vpn-leak/ | Third Party Advisory |
https://news.ycombinator.com/item?id=16699270 | Issue Tracking |
https://github.com/VoidSec/WebRTC-Leak | Third Party Advisory |
https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit?usp=sharing | Third Party Advisory |
Configurations
Information
Published : 2018-03-28 14:29
Updated : 2018-04-23 06:10
NVD link : CVE-2018-6608
Mitre link : CVE-2018-6608
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
opera
- opera_browser