When the user receives a forwarded room key, the software accepts it without
checking who the room key came from. This allows homeservers to try to insert
room keys of questionable validity, potentially mounting an impersonation attack.
CPE | Name | Operator | Version |
---|---|---|---|
matrix-sdk-crypto | lt | 0.6.0 |