
CVE-2021-40823

Published: 13/09/2021 Updated: 14/09/2021

Vulnerability Summary

A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) prior to 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients.

Vendor Advisories

Arch Linux Security Advisory ASA-202109-5
=========================================

Severity: High
Date    : 2021-09-14
CVE-ID  : CVE-2021-40823
Package : element-web
Type    : information disclosure
Remote  : Yes
Link    : security.archlinux.org/AVG-2377

Summary
=======

The package element-web before version 1.8.4-1 is vulnerable to inf ...

Arch Linux Security Advisory ASA-202109-4
=========================================

Severity: High
Date    : 2021-09-14
CVE-ID  : CVE-2021-40823
Package : element-desktop
Type    : information disclosure
Remote  : Yes
Link    : security.archlinux.org/AVG-2377

Summary
=======

The package element-desktop before version 1.8.4-1 is vulnerabl ...

A security issue has been found in matrix-js-sdk before version 12.4.1, as used by Element Web/Desktop before version 1.8.4. In certain circumstances it may be possible to trick vulnerable clients into disclosing encryption keys for messages previously sent by that client to user accounts later compromised by an attacker. Exploiting this vulnerability t ...