mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-08 06:06:44 +02:00
0xMarcio
886 B
886 B
CVE-2018-6608
Description
In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
POC
Reference
- https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit?usp=sharing
- https://voidsec.com/vpn-leak/
- https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-customers-ip-address-via-webrtc-bug/
Github
No PoCs found on GitHub currently.