Impact
Upon media decryption failure, the E2EE decryptor would let the media frames flow to the decoders.
This led to an integrity-compromising attack, where a rogue JVB (Jitsi Videobridge) could send non-E2EE media frames to the participants of an E2EE conference.
These participants would render the media as if it were E2EE.
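The fail-open behaviour described above, next to a fail-closed handler, as an added example that is not the project's code. The cipher (AES-GCM through WebCrypto), the frame layout and all function names are assumptions made for illustration.

```javascript
// Added example, not lib-jitsi-meet code. AES-GCM via WebCrypto and the frame
// layout (12-byte IV || ciphertext+tag) are assumptions for illustration.
async function getSubtle() {
  const c = globalThis.crypto ?? (await import('node:crypto')).webcrypto;
  return c.subtle;
}

async function decryptFrame(key, frame) {
  const subtle = await getSubtle();
  const iv = frame.subarray(0, 12);
  // Throws if the GCM tag does not verify, e.g. for a frame that was never encrypted.
  return new Uint8Array(await subtle.decrypt({ name: 'AES-GCM', iv }, key, frame.subarray(12)));
}

// Fail-open, the behaviour the advisory describes: a frame that fails
// decryption still reaches the decoder.
async function handleFrameFailOpen(key, frame, toDecoder) {
  try {
    toDecoder(await decryptFrame(key, frame));
  } catch {
    toDecoder(frame);
  }
}

// Fail-closed: a frame that fails decryption is dropped and counted.
async function handleFrameFailClosed(key, frame, toDecoder, onDrop) {
  let plain;
  try {
    plain = await decryptFrame(key, frame);
  } catch (err) {
    onDrop(err);
    return;
  }
  toDecoder(plain);
}

async function demo() {
  const subtle = await getSubtle();
  const key = await subtle.generateKey({ name: 'AES-GCM', length: 128 }, false, ['encrypt', 'decrypt']);
  const iv = new Uint8Array(12); // constructed; real senders need a unique IV per frame
  const ct = await subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode('genuine frame'));
  const genuine = new Uint8Array([...iv, ...new Uint8Array(ct)]);
  const plaintextFrame = new TextEncoder().encode('constructed frame that was never encrypted');
  const open = [], closed = [], dropped = [];
  for (const f of [genuine, plaintextFrame]) {
    await handleFrameFailOpen(key, f, (p) => open.push(p));
    await handleFrameFailClosed(key, f, (p) => closed.push(p), (e) => dropped.push(e.name));
  }
  return { open: open.length, closed: closed.map((p) => new TextDecoder().decode(p)), dropped };
}
```

Counting drops in `onDrop` also gives the client a signal it can surface when frames that fail authentication start arriving in an E2EE conference.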
Patches
Fixed in version 2.0.7830.
Workarounds
No, upgrading is necessary.
Reported by
Robertas Maleckas, ETH Zurich; Prof. Kenny Paterson, ETH Zurich; Prof. Martin Albrecht, Royal Holloway, University of London