Avideo: Security issue for users

Created on 28 Jun 2020  ·  3 Comments  ·  Source: WWBN/AVideo

Hello @DanielnetoDotCom

I had sent you an email on this subject, which is really important. I saw that you did not even take the time to look at or settle this problem, which is really very serious.

All information is in the source code of the page.

There is data that is not secure; people can take information from a channel and broadcast on behalf of the user.

To retrieve this information the user must be live.

I show you pictures.

As you can see, I find the same information in the page source code.

image

As you can see in the picture, this is the key to the stream.

image

With this information anyone could broadcast in place of the user.

All 3 comments

I don't know if you understand that everything that displays on your screen right now has been translated from HTML.
In other words, you can't prove or say this is a breach when you're connected as admin or with an account. Try to get this information with another account.

Basically what you see on your right side of the picture is the code in HTML/CSS to display the "go live" tab.

Right now if you inspect "github", you will see
image

Does this mean it's a breach? No, it's the data displayed in HTML/CSS form.

Just for your information, THE REAL key-stream is not the "key", it's the RTMP-URL. Basically everything that comes after p=
p=password.

This is nginx, and to make real the key-stream will require some other type of coding.

On the demo site, you can see all the key-streams of the live streams in the JavaScript inspection.
image

You can call it a breach when non-authorized users get data that they are not supposed to have, and not logged-in users inspecting their own data.

Hello @akhilleusuggo

I fully understand what I saw in the source code.

I did tests with another user. I do not see the server URL:

We always see Stream name/key:

My problem is always information that should be hidden.

In Europe it is forbidden to find anything on a user.

You're still mistaking things, GDPR has nothing to do here.
