[webrtc-extensions] (How) should we mitigate error code exploits? (#70) from henbos via GitHub on 2021-02-24 (public-webrtc-logs@w3.org from February 2021)

From: henbos via GitHub <sysbot+gh@w3.org>
Date: Wed, 24 Feb 2021 08:46:42 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issues.opened-815257679-1614156401-sysbot+gh@w3.org>

henbos has just created a new issue for https://github.com/w3c/webrtc-extensions:

== (How) should we mitigate error code exploits? ==
As pointed out [here](https://github.com/w3c/webrtc-extensions/issues/52#issuecomment-784154437), error codes that help distinguish between "wrong credentials" and generic network error might help an attacker for example brute-forcing credentials.

pc.onicecandidateerror is an example of this.

What should we do?

Please view or discuss this issue at https://github.com/w3c/webrtc-extensions/issues/70 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 24 February 2021 08:46:45 UTC