Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25605
Reference (s):
- https://docs.agora.io/en/Agora%20Platform/downloads
- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/dont-call-us-well-call-you-mcafee-atr-finds-vulnerability-in-agora-video-sdk/