Re: Issue 1937 in bigbluebutton: Prevent re-use of join URL


bigblu...@googlecode.com

May 16, 2015, 3:36:35 AM
to bigbluebutton...@googlegroups.com
Updates:
Summary: Prevent re-use of join URL
Status: Accepted
Labels: -Type-Defect -Priority-Medium Type-Enhancement Priority-Low
Security

Comment #6 on issue 1937 by ffd...@gmail.com: Prevent re-use of join URL
https://code.google.com/p/bigbluebutton/issues/detail?id=1937

It should be possible to match the user with a session token, or to allow
the use of a join URL only once by the server.

We'll look at doing this as part of a future release. To understand how we
prioritize features, see
http://docs.bigbluebutton.org/support/faq.html#when-will-feature-x-be-implemented

--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
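
The two options named in comment #6 (single-use join URL, session token matched to the user), sketched as an added example; this is not BigBlueButton code. The `JoinGate` class, the `nonce` parameter, the in-memory stores and the secret are hypothetical, and the SHA-1 checksum over call name, query string and shared secret is an assumption about how the join URL is signed.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode


class JoinGate:
    """Hypothetical server-side gate: each signed join URL works exactly once."""

    def __init__(self, shared_secret):
        self.secret = shared_secret
        self.used = set()     # checksums of join URLs already consumed
        self.sessions = {}    # session token -> (meetingID, fullName)

    def sign(self, query):
        # Assumed scheme: SHA-1 over call name + query string + shared secret.
        data = ("join" + query + self.secret).encode()
        return hashlib.sha1(data).hexdigest()

    def make_join_query(self, meeting_id, full_name):
        # The nonce makes every issued URL unique, so the same user can be
        # given a fresh URL after the previous one has been consumed.
        query = urlencode({"meetingID": meeting_id, "fullName": full_name,
                           "nonce": secrets.token_hex(8)})
        return query + "&checksum=" + self.sign(query)

    def join(self, signed_query):
        query, sep, checksum = signed_query.rpartition("&checksum=")
        expected = self.sign(query)
        if not sep or not hmac.compare_digest(checksum.encode(), expected.encode()):
            return None, "bad checksum"
        if checksum in self.used:
            return None, "join URL already used"   # replayed or shared link
        self.used.add(checksum)
        params = parse_qs(query)
        # From here on the client presents this token, never the join URL.
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (params["meetingID"][0], params["fullName"][0])
        return token, "ok"

    def authorize(self, token, meeting_id):
        # Later requests must carry a token that was issued for this meeting.
        entry = self.sessions.get(token)
        return entry is not None and entry[0] == meeting_id


if __name__ == "__main__":
    gate = JoinGate("constructed-demo-secret")   # constructed value
    url = gate.make_join_query("demo-room", "Alice")
    print(gate.join(url)[1], "/", gate.join(url)[1])
```

A production version would keep the consumed-checksum set and the sessions in shared storage with an expiry, so that the check holds across server restarts and multiple nodes.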

bigblu...@googlecode.com

May 20, 2015, 7:43:24 AM
to bigbluebutton...@googlegroups.com

Comment #7 on issue 1937 by guptavib...@gmail.com: Prevent re-use of join
URL
https://code.google.com/p/bigbluebutton/issues/detail?id=1937

Dear Team,

The newly reported vulnerability (Authentication Bypass) found in
BigBlueButton was actually found and reported by the undersigned, although it
was communicated by Mr Rupesh in my absence. The PoC will be shared with you
if it is required for your future reference. The PoC will contain the complete
testing methodology of the reported finding.

As you have already accepted that the reported finding is present in your
module and that you will patch it and release the upgraded module with a new
version, I request you to give some credit for motivating my skills;
it will be very beneficial for my career prospects.

I can also provide you the best solution for the reported finding.

Your response is highly appreciated.

With Best Regards,
Vibhor Gupta
InfoSec Consultant & Security Researcher

bigblu...@googlecode.com

Jun 26, 2015, 12:43:22 AM
to bigbluebutton...@googlegroups.com

Comment #8 on issue 1937 by rupes...@gmail.com: Prevent re-use of join URL
https://code.google.com/p/bigbluebutton/issues/detail?id=1937

Dear Team

Vibhor Gupta is from the auditing team. He reported the issue regarding the
BigBlueButton vulnerability. Finally, we have removed the presentation upload
module and made some changes in config.xml, and got cleared by our
Auditing Dept.

Now we have set up our production server, on which we are able to handle 450+
users in a single meeting session in presenter share mode plus moderator
webcam shared.