Cookie Consent by Free Privacy Policy Generator website CVE-2022-39250 u

Portal Nachrichten

WIRKLICH FIXED: RSS feeds abonnieren!!!


➠ CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device ID matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround....


➦ Sicherheitslücken / Exploits ☆ web.nvd.nist.gov

➠ Komplette Nachricht lesen


Zur Startseite

➤ Ähnliche Beiträge für 'CVE-2022-39250'

The April 2022 Security Update Review

vom 652.61 Punkte
Another Patch Tuesday is upon, and Adobe and Microsoft have released a bevy of new security updates. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.Adobe Patches for April 2022For April, Ad

The August 2022 Security Update Review

vom 646.02 Punkte
It’s the second Tuesday of the month, and the last second Tuesday before Black Hat and DEFCON, which means Microsoft and Adobe have released their latest security fixes. Take a break from packing (if you’re headed to hacker summer camp) or your nor

The October 2022 Security Update Review

vom 449.19 Punkte
Another Patch Tuesday is here, and Adobe and Microsoft have released their latest crop of new security updates and fixes. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.Adobe Patches for

The March 2022 Security Update Review

vom 430.18 Punkte
It’s once again Patch Tuesday, which means the latest security updates from Adobe and Microsoft have arrived. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.Adobe Patches for

Year 2022 Streaming Wrap-Up

vom 427.18 Punkte
Welcome to a Year 2022 wrap-up by Timothy Spann. Best of 2022 I am responsible for spreading the good word of Apache Pulsar. I accomplish this by doing talks, meetups, articles, podcasts, videos, demos, repositories, newsletters, and other content. NYC Area Apache Pulsar meetup has grown to over 648.https://www.meetup.com/new-york-city-apache-pulsar-m

USN-3415-1: tcpdump vulnerabilities

vom 414.53 Punkte
Ubuntu Security Notice USN-3415-1 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixe

USN-3415-2: tcpdump vulnerabilities

vom 414.53 Punkte
Ubuntu Security Notice USN-3415-2 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in tcpdump Software description tcpdump

The September 2022 Security Update Review

vom 390.55 Punkte
Another Patch Tuesday is upon, and Adobe and Microsoft have released a bevy of new security updates. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.Adobe Patches for September 2022 For Sep

The July 2022 Security Update Review

vom 389.78 Punkte
It’s once again Patch Tuesday, which means the latest security updates from Adobe and Microsoft have arrived. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.Adobe Patches for

The February 2022 Security Update Review

vom 353.21 Punkte
It’s the second patch Tuesday of 2022, which means the latest security updates from Adobe and Microsoft are here. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.Adobe Patches for

The May 2022 Security Update Review

vom 333.89 Punkte
It’s the fifth second Tuesday of 2022, which also means it’s the also the fifth Patch Tuesday of the year, and it brings with it the latest security updates from Adobe and Microsoft. This is also the last release before Pwn2Own Vancouver, which means multiple participants will be holding their breath to see if their ex

The May 2022 Security Update Review

vom 333.89 Punkte
It’s the fifth second Tuesday of 2022, which also means it’s the also the fifth Patch Tuesday of the year, and it brings with it the latest security updates from Adobe and Microsoft. This is also the last release before Pwn2Own Vancouver, which means multiple participants will be holding their breath to see if their ex

Team Security Diskussion über CVE-2022-39250