#VU67745 Insufficient verification of data authenticity in Matrix Javascript SDK
Vulnerability identifier: #VU67745
Vulnerability risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-345
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Matrix Javascript SDK
Web applications /
JS libraries
Vendor: Matrix.org
Description
The vulnerability allows a remote attacker to bypass SAS verification.
The vulnerability exists due to checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between these steps. A remote attacker cooperating with a malicious home server can interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities, leading to the other device trusting/verifying the user identity under the control of the home server instead of the intended one.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Matrix Javascript SDK: 0.1.0 - 19.6.0
External links
http://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
