
I've dumped a call between two lync clients and saw that there were some UDP packets that look like this:

Server -> Client

1132    14.495362000    <serverip> <clientip>   STUN    146 Binding Request user: ????:????

Client -> Server:

1133    14.499136000    <clientip>  <serverip>  STUN    130 Binding Success Response XOR-MAPPED-ADDRESS: <serverip>:54019 user: ????:????

????:???? - ? is a character from the alphabet

If I read the RFC correctly this is not a security issue, is that correct?

user857990

1 Answer


IIRC, you need to enable MESSAGE-INTEGRITY mode for it to be secure. MESSAGE-INTEGRITY needs to be enabled and supported on your STUN/TURN server.

Take a look at Microsoft's TURN/STUN RFC https://www.rfc-editor.org/rfc/rfc5766

Without MESSAGE-INTEGRITY, depending on the level of access of the attacker, a reflection attack might be possible.

Disclaimer: It's been a while since I've dealt with Windows

Mike Mackintosh
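As an added example (not from the question, the answer, or any Lync/STUN implementation), this shows what the MESSAGE-INTEGRITY attribute the answer refers to actually covers, per RFC 5389: the HMAC-SHA1 is computed over the STUN header and every attribute before MESSAGE-INTEGRITY, with the header length field already counting the 24-byte attribute. The username, password-derived key (short-term credential, so the key is just the password) and transaction ID are constructed values; a receiver that rejects a missing or non-matching MESSAGE-INTEGRITY is what turns a spoofed Binding Request like the one in the capture into a detectable, droppable packet.

```python
import hashlib
import hmac
import struct

MAGIC_COOKIE = 0x2112A442          # fixed STUN magic cookie (RFC 5389 s.6)
BINDING_REQUEST = 0x0001
ATTR_USERNAME = 0x0006
ATTR_MESSAGE_INTEGRITY = 0x0008
MI_ATTR_LEN = 24                    # 4-byte TLV header + 20-byte HMAC-SHA1


def _attr(attr_type, value):
    # STUN attribute TLV; the value is padded to a 4-byte boundary (RFC 5389 s.15)
    pad = (-len(value)) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad


def build_binding_request(username, key, txid):
    """Binding Request carrying USERNAME and MESSAGE-INTEGRITY.
    key: short-term credential key (the password); txid: 12-byte transaction ID."""
    body = _attr(ATTR_USERNAME, username.encode())
    # The length field must already include the MESSAGE-INTEGRITY attribute
    # when the HMAC is computed (RFC 5389 s.15.4)
    header = struct.pack("!HHI12s", BINDING_REQUEST, len(body) + MI_ATTR_LEN, MAGIC_COOKIE, txid)
    mac = hmac.new(key, header + body, hashlib.sha1).digest()
    return header + body + _attr(ATTR_MESSAGE_INTEGRITY, mac)


def verify_message_integrity(msg, key):
    """True only if msg carries a MESSAGE-INTEGRITY attribute that matches key.
    A message with no MESSAGE-INTEGRITY at all is rejected, not trusted."""
    if len(msg) < 20:
        return False
    _msg_type, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or len(msg) != 20 + length:
        return False
    offset = 20
    while offset + 4 <= len(msg):
        attr_type, attr_len = struct.unpack("!HH", msg[offset:offset + 4])
        value = msg[offset + 4:offset + 4 + attr_len]
        if attr_type == ATTR_MESSAGE_INTEGRITY:
            # Recompute over everything before this attribute, with the header
            # length rewritten to end exactly at the end of MESSAGE-INTEGRITY
            covered = msg[:2] + struct.pack("!H", offset + MI_ATTR_LEN - 20) + msg[4:offset]
            expected = hmac.new(key, covered, hashlib.sha1).digest()
            return attr_len == 20 and hmac.compare_digest(expected, value)
        offset += 4 + attr_len + ((-attr_len) % 4)
    return False
```

Any attribute after MESSAGE-INTEGRITY (other than FINGERPRINT) is outside the HMAC and must not be relied on by the receiver.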