Main Vulnerability Database SB2021021804

SB2021021804 - Cleartext transmission of sensitive information in Agora Video SDK

Published: February 18, 2021

Security Bulletin ID SB2021021804

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cleartext transmission of sensitive information (CVE-ID: CVE-2020-25605)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can obtain access to audio and video of any ongoing Agora video call.

Remediation

Install update from vendor's website.

References

https://docs.agora.io/en/Agora%20Platform/downloads
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/dont-call-us-well-call-you-mcafee-atr-finds-vulnerability-in-agora-video-sdk/