CVE-2021-40823Authentication Bypass by Spoofing in Javascript SDK

CWE-290Authentication Bypass by SpoofingCWE-200Sensitive Information ExposureCWE-327Use of a Broken or Risky Cryptographic Algorithm6 documents5 sources
Severity
5.9MEDIUMNVD
EPSS
0.3%
top 50.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Matrix Javascript SDKMatrix-org Matrix-js-sdk
Timeline
PublishedSep 13
Latest updateSep 14

Description

A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDmatrix/javascript_sdk< 12.4.1

🔴Vulnerability Details

4
OSV
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver2021-09-14
GHSA
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver2021-09-14
OSV
CVE-2021-40823: A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 122021-09-13
CVEList
CVE-2021-40823: A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 122021-09-13

📋Vendor Advisories

1
Debian
CVE-2021-40823: node-matrix-js-sdk - A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix...2021
CVE-2021-40823 — Authentication Bypass by Spoofing | cvebase