41 matches found
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
Impact A logic error in the room key sharing functionality of matrix-js-sdk before 12.4.1 allows a malicious Matrix homeserver† participating in an encrypted room to steal room encryption keys from affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-en...
CVE-2021-40824
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...
DEBIAN-CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
CVE-2021-40824
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...
Code injection
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
Code injection
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...
CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
UBUNTU-CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
CVE-2021-40824
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...
CVE-2021-40823
CVE-2021-40823 affects matrix-js-sdk and related Element client variants. A logic error in the room key sharing functionality prior to version 12.4.1 allows a malicious Matrix homeserver participating in an encrypted room to steal room encryption keys originally sent by affected clients, enabling...
CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
Element Android 加密问题漏洞
Element Android is the Android Matrix client provided by Element. A cryptographic issue vulnerability exists in Element Android prior to version 1.2.2 and matrix-android-sdk2 prior to version 1.2.2, which stems from a logic error in the device's room key sharing functionality that results in...
PT-2021-22960 · Cinny +5 · Cinny +7
Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 12.4.1 Element Web versions 1.8.2 and earlier Element Desktop versions 1.8.2 and earlier SchildiChat Web versions 1.7.32-sc1 and earlier SchildiChat Desktop versions 1.7.32-sc1 and earlier Cinny versions 1.2.0...
PT-2021-22961 · Element +2 · Element Android +2
Name of the Vulnerable Software and Affected Versions: Element Android versions prior to 1.2.2 matrix-android-sdk2 aka Matrix SDK for Android versions prior to 1.2.2 Description: A logic error in the room key sharing functionality allows a malicious Matrix homeserver present in an encrypted room ...
Matrix 加密问题漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A cryptographic issue vulnerability exists in versions of Matrix Javascript SDK prior to 12.4.1, which stems from a logic error in a device's room key sharing functionality that results in insufficient...
GnuTLS 资源管理错误漏洞
GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in gnutls, which stems from the fact that free after-use of a client-sent key sharing extension may result in memory corruption and other consequences...
Popular secure chat APP TextSecure presence of“unknown key sharing attack”vulnerability-vulnerability warning-the black bar safety net
! TextSecure is Android platform a encrypted chat APP, this free APP is designed in order to guarantee communication privacy. This APP by Open WhisperSystems developed, the code completelyopen sourcesupport end-to-end SMS encryption. Looks very safe is not? Recently, however, from Germany's Ruhr...
SSH 1.2.x Secure-RPC Weak Encrypted Authentication Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2222/info SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. A problem exists which...