Quote:
Originally Posted by Milambar
Its not a flaw, actually. It's by design.
|
No, it's a flaw, caused by bad design.
Quote:
|
WebRTC was designed to enable peer to peer transfers and voice communication over the web. Both of which would be impossible without access to the machines real IP. Therefore WebRTC has to make the machines real IP available.
|
It absolutely does not need the machine's real IP and has no business using it. It works just fine with a correctly configured VPN IP.
Quote:
|
Its doing exactly what its meant to do.
|
Throwing your hard drive in a furnace is "doing exactly what its meant to do" - i.e. erasing the data - but that does not mean it's a good way to do it.
Quote:
|
I personally would class it as a vulnerability not a flaw.
|
Personally I would class it as a bug and/or faulty implementation.
Regardless, vulnerabilities
are flaws.
---------- Post added at 18:42 ---------- Previous post was at 18:41 ----------
Quote:
Originally Posted by Bobby Dazzler
This might be old news to you guys but check out this link, it tells you about a security flaw FOR VPN users.
VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC.
|
This is why I've always recommended anyone requiring absolute privacy, they should use a VPN hardened by a VM container. That makes it impossible for anything, including the OS itself to know any IP other than your VPN endpoint IP even exists.
To be fair anyone not using a "lazy" VPN and just using what we in IT used to consider as a 'normal' VPN would not be affected anyway. Sounds like it's really just a
proxy vulnerability. Normal VPNs would prevent a browser being able to send any internet traffic outside the configured VPN tunnel without resorting to some exotic hacks.