CVE-2016-6271
HIGHlibbzrtp 1.0.x < 1.0.4 - Man-in-the-Middle Spoofing via Missing HVI Check on DHPart2 Packet
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2016-6271. PoCs published by gteissier.
AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2016-6271, demonstrating a man-in-the-middle attack against libbzrtp due to the absence of hash-commitment verification in the ZRTP protocol. The exploit includes Dockerized vulnerable and attacker components to simulate the attack scenario.
Description
The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.
Exploits (1)
This repository contains a functional proof-of-concept exploit for CVE-2016-6271, demonstrating a man-in-the-middle attack against libbzrtp due to the absence of hash-commitment verification in the ZRTP protocol. The exploit includes Dockerized vulnerable and attacker components to simulate the attack scenario.
References (3)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N