1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA32771

Flash Media Server Video Stream Capture Security Issue

Report ID: SA32771
Source: Secunia
Date of Discovery: 18.11.2008
Criticality: Low
Affects:
Adobe Flash Media Server 3.x
Compromise From: From remote
Compromise Type: Security bypass

Summary

A security issue has been reported in Flash Media Server, which can be exploited by malicious people to capture content.

Detailed Description

A security issue has been reported in Flash Media Server, which can be exploited by malicious people to capture content.

The problem is that it is possible to establish RTMPE sessions to Flash Media Server when SWF verification is not enabled. This can be exploited to capture and archive delivered video.

The security issue is reported in version 3.0.

Solution

The vendor recommends using RTMPE or RTMPTE with SWF verification enabled.

CVE Reference

CVE-2008-5109