mediasoup is vulnerable to Authentication Bypass
56
Medium Risk
mediasoup's built-in SCTP stack authenticates SCTP State Cookies using only hardcoded magic byte sequences (msworker and 0xAD81) instead of a per-instance secret and HMAC, violating RFC 9260. On a PlainTransport or PipeTransport with SCTP enabled and no SRTP/DTLS, an on-path attacker can craft a forged COOKIE-ECHO chunk that passes validation, establish an unauthorized SCTP association without the 4-way handshake, and inject DataChannel messages as a trusted peer. The received-packet CRC32c checksum was also never verified, so forged packets with any checksum were accepted. The fix adds a per-association random secret with an HMAC-SHA1 and freshness timestamp in the State Cookie gated by sctpOptions.requireAuthenticatedCookie, and validates the CRC32c checksum of received packets.
You are affected if you are using a version that falls within the vulnerable range and use PlainTransport or PipeTransport with SCTP enabled without SRTP/DTLS protection.
mediasoup is vulnerable to Authentication Bypass in versions 3.20.0 - 3.20.5.
Upgrade the mediasoup library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant