> I was thinking about preventing MITM attacker degrading auth to Basic.
> Currently any RTSP client is vulnerable to exposing full credentials in
> plain-text (almost), as there is no way to authenticate server first.
That’s a good point.
I’ve just installed a new version (2014.11.07) of the “LIVE555 Streaming Media”
software that adds a new method
RTSPClient::disallowBasicAuthentication()
that you can call on a “RTSPClient” object to disallow ‘basic’ authentication
if the server requests it.
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
_______________________________________________
live-devel mailing list
[email protected]
http://lists.live555.com/mailman/listinfo/live-devel
