Digest authentication no longer works

[vincyrei]

Context

Both binary and docker releases

Any commit since digest authentication was added

Environment

Any OS

Issue

Making any requests with digest authentication causes the following issue:

*   Trying 127.0.0.1:8554...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8554 (#0)
* Server auth using Digest with user 'ubnt'
> DESCRIBE rtsp://ubnt:[email protected]:8554/live.sdp RTSP/1.0
CSeq: 1
Accept: application/sdp

< RTSP/1.0 401 Unauthorized
< CSeq: 1
< WWW-Authenticate: Digest realm="GStreamer RTSP Server", nonce="3034e78651e4e61e"
< Server: GStreamer RTSP server
< Date: Sun, 12 Jan 2020 09:36:53 GMT
<
* Connection #0 to host 127.0.0.1 left intact
* Issue another request to this URL: 'rtsp://ubnt:[email protected]:8554/live.sdp'
* Protocol "rtsp" not supported or disabled in libcurl
* Closing connection -1

* Protocol "rtsp" not supported or disabled in libcurl

While when using basic authentication or no authentication, streams are accessed without any issue, and this log never appears.

[vincyrei]

The problem remains only on digest authentication. also with the test on your RTSPAllTheThings tool.

[Ullaakut]

Since this issue is the most detailed out of the 3 describing the same issue, I'll keep this one and close the other ones as duplicates.

Currently the status on this issue is that I've spent a great deal of time trying to understand what's going on, and I'm completely dumbfounded. It turns out that even reverting to the original commit where digest auth was added, and where in the PR there were reproducible examples to verify that it worked, running the exact same commands no longer works on any of my machines.

I suspected a bug introduced in a recent version of curl, but that doesn't seem to be the case.

Modifying the code in any way in Cameradar didn't seem to solve this issue at all either. I guess I'll need to seek help from someone with more experience with curl, or to switch to another method for making RTSP requests altogether.

[Ullaakut]

So after some investigation and a bounty on stackoverflow, it seems like it's a curl issue: curl/curl#4750

A solution could be to download a specific curl version when building the binary in docker, but this means that building the binary manually (go build) will also require a specific curl version.

I'll write some fixes and documentation this weekend, and I'll try to help on fixing the issue in curl.

[Ullaakut]

I confirm that using an older curl version fixes the issue:

[vincyrei]

Perfect, thank you very much. I await your instructions. I can't wait to get the most out of your tool. Thanks again.

[Ullaakut]

Hi @vincyrei ! It should be fixed on master now, I'll push the fixed docker image to the repository now :)

You can run docker pull ullaakut/cameradar:latest in a few minutes and it should be working fine! Sorry about the time it took me to debug this issue 😅

[Ullaakut]

It's pushed on DockerHub under the tags latest, v4, v4.1 and v4.1.1, so feel free to docker pull one of those and try again :)

Also, if you prefer to use the binary version, just make sure that your version of the libcurl package is <7.66.0!

Let me know if it works for you, and thanks for your patience 🙏

[vincyrei]

Now it works great. In my case with a HIKVISION DS-2CD2345FWD-I camera I had to modify the parameters --attack-interval duration to avoid a problem like this: Perform failed for "rtsp: // admin: [email protected]: ​​554 /" ( auth 3): curl: Failure when receiving data from the peer.
Maybe it can be useful for other discussions. Thanks again I will let you know after other tests.

[Ullaakut]

@vincyrei Ah glad to hear that. It's interesting that you got this error and that the interval solved it. Is the camera you're accessing on the same network as the attacking host? Are you sure the network is reliable?

[vincyrei]

The host is on the same network. the network is reliable. I think it's a matter of speed of requests. probably due to a method of protection. it doesn't happen with other cameras. maybe a new hikvision firmware

[Ullaakut]

Ah, very interesting :) I'll try to get my hands on one of those to see if I can do smth about it :p

[jeretc]

i get something like this :

Perform failed: curl: Unsupported protocol

[Ullaakut]

@jeretc Which version of Cameradar are you using? This issue has been fixed in the latest version.

[jepunband]

It's pushed on DockerHub under the tags latest, v4, v4.1 and v4.1.1, so feel free to docker pull one of those and try again :)

Also, if you prefer to use the binary version, just make sure that your version of the libcurl package is <7.66.0!

Let me know if it works for you, and thanks for your patience 🙏

hi, do you have some information on how to install older libcurl. i installed cameradar using go. i have the same issue.

[Ullaakut]

Hi @jepunband

You can find download links to all curl versions at https://curl.se/download.html