[SR-Users] Kamailio vulnerable to header smuggling possible due to bypass of remove_hf

[Daniel-Constantin Mierla]

Hello,

On 02.09.20 12:53, Gerry | Rigatta wrote:
> [...]
>
> I can only guess that Maxim took offence with your wording here, which
> can be understood as downplaying the risk
>>>
>>>     The *only* security risk in my opinion
>>>
please provide further details why is downplaying. Have you identified
another security risk? I would like to be aware of and also let the
others know. Or maybe something else is wrong in my statement, my
English is not native and likely not the best out there, I am eager to
learn from you and do better from the future.

Using custom header names to tighten or loose the security is a
per-deployment specific approach, expected that only an insider knows
it, but then such guy has probably access to more important sensitive
data (such as subscriber passwords, etc.).

Based on my review (I could be wrong of course, but I stated clear is my
opinion), none of the standard security related specs were where
impacted -- user authentication, routing, etc ... that's the reason the
bug lived for so long time.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200902/eb69e2a1/attachment.htm>