cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
962
Views
0
Helpful
3
Replies

proximity sessionid hijacking

onur temel
Level 1
Level 1

Hi all,

I am willing to deploy proximity feature to all VC endpoints. 

To analysis that in security, I used Burp Suite and faced sessionid is constant for 5 minutes.

if an attacker get this id, what would he do?

When I search on Google, there are some docs related with security issues but no answer for my question.

May I take your suggestions?

Thank you.

3 Replies 3

Ratheesh Kumar
VIP Alumni
VIP Alumni

Hi there

 

Does this help you?

 

https://community.cisco.com/t5/mobile-applications-documents/troubleshooting-guide-cisco-proximity/ta-p/3148841#toc-hId-981269133

 

How Cisco Proximity Works
When the Intelligent Proximity services are enabled on a video endpoint, an inaudible ultrasonic sound token will be played through the video system loudspeakers. The Cisco Proximity client application running on the mobile device will record this token through its integrated microphone. The token contains information on how to connect to the video system over the
network.
The mobile device will decode the token and try to establish a secure connection to the video system. To establish the connection, the mobile device needs to be able to reach the IPv4 address of the video system in the room on port 443 (HTTPS).

 

 

Intelligent Proximity.PNG

 

 

Hope this Helps

Cheers
Rath!
***Please rate helpful posts***

Hi Ratheesh,

Thanks for your reply. I followed that guide at the beginning.

But there is no answer for my question. 

Yes there is secure connection but session-id is clear and sniffable by Burp.

What would happen if an attacker got that?

This question seems self-evident: interception of the token would allow another user to exert proximity control over the endpoint for up to five minutes. Yes, the connection to the codec uses HTTPS but since codecs are typically using self-signed certificates the client doesn’t bother with certificate validation anyway.

Your concern seems predicated on your LAN/WLAN connection being compromised. TBH, this doesn’t strike me as the real concern: if your network traffic is being intercepted you have bigger problems than Proximity.