Logic Error in Room Key Sharing of Element Android by Matrix
CVE-2021-40824

5.9 MEDIUM

Key Information:

Vendor: Matrix
CVE Published: 13 September 2021

What is CVE-2021-40824?

A logic error in the room key sharing functionality of Element Android and the Matrix SDK for Android allows a malicious Matrix homeserver in an encrypted room to manipulate protocol messages and steal room encryption keys originally sent by affected Matrix clients. With those keys, the attacker can decrypt end-to-end encrypted messages transmitted by these clients.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
