Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion
Vulnerability Description
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. matrix-android-sdk2 would then additionally sign such a key backup with its device key, spilling trust over to other devices trusting the matrix-android-sdk2 device. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-android-sdk2 version 1.5.1 has been modified to only accept Olm-encrypted to-device messages and to stop signing backups on a successful decryption. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Vulnerability Type
未进行实体认证的密钥交换
Vulnerability Title
Matrix 安全漏洞
Vulnerability Description
Matrix是一个雄心勃勃的新生态系统,用于开放联合即时消息和 VoIP。 Matrix matrix-android-sdk2 1.5.1之前的版本存在安全漏洞,该漏洞源于其协议混淆问题导致与恶意主服务器合作的攻击者可以构建合法看似来自他人的消息,而没有任何指示(例如灰色盾牌)。
CVSS Information
N/A
Vulnerability Type
N/A