3 matches found
Matrix 资源管理错误漏洞
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. Matrix Synapse suffers from a security vulnerability that stems from the fact that if both Synapse and a malicious home server join the same room, the malicious home server can trick Synapse into...
Authentication Bypass
Matrix Android SDK 2 is vulnerable to authentication bypass. The vulnerability exists in onRoomKeyEvent function of DefaultCryptoService.kt due to lack of entity authentication for key forwarding strategy which allows an attacker to cooperate with a malicious home server...
CVE-2022-39257 Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...