Authorization bypass in Ant Media Server

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users.  All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch.

N/A

使用假设不可变数据进行的认证绕过

Ant Media Server 安全漏洞

Ant Media Server是Ant Media开源的一款实时流媒体引擎软件。通过使用延迟约 0.5 秒的 WebRTC 技术提供自适应超低延迟流媒体。 Ant Media Server Community Edition 2.9.0之前版本存在安全漏洞，该漏洞源于容易受到基于不当HTTP标头的授权影响，从而导致可能使用仅为授权用户保留的非管理API调用。

N/A

N/A