2 matches found
matrix-sdk-crypto contains potential impersonation via room key forward responses
Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...
GHSA-VP68-2WRM-69QM matrix-sdk-crypto contains potential impersonation via room key forward responses
Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...