2 matches found
Authentication Bypass
Matrix Android SDK 2 is vulnerable to authentication bypass. The vulnerability exists in onRoomKeyEvent function of DefaultCryptoService.kt due to lack of entity authentication for key forwarding strategy which allows an attacker to cooperate with a malicious home server...
CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...