3 matches found
matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification
Impact An attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities, leading to the other device trusting/verifying the user identity under the control of th...
CVE-2022-39250 Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification
Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...
CVE-2022-39250 Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification
Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...