Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder
Vulnerability Description
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Vulnerability Type
未进行实体认证的密钥交换
Vulnerability Title
Matrix 安全漏洞
Vulnerability Description
Matrix是一个雄心勃勃的新生态系统,用于开放联合即时消息和 VoIP。 Matrix matrix-sdk-crypto 0.5之前版本存在安全漏洞,该漏洞源于允许恶意家庭服务器在某些情况下将有效性有问题的房间密钥插入密钥存储区,从而可能有助于模拟攻击。
CVSS Information
N/A
Vulnerability Type
N/A