Matrix Discloses High-Severity Vulnerabilities in Encryption Key Sharing

CVE-2024-47080 & CVE-2024-47824

The Matrix.org Security Team has recently disclosed two high-severity vulnerabilities impacting the matrix-js-sdk and matrix-react-sdk. These vulnerabilities, related to MSC3061 (a specification for sharing room keys with new users), could potentially allow unauthorized access to encrypted message history.

Matrix, an open standard and communication protocol, enables seamless real-time communication between service providers, allowing users to chat, call, and conduct video telephony across different platforms.

The Vulnerabilities: CVE-2024-47080 and CVE-2024-47824

The core issue lies in how the matrix-js-sdk handled encryption keys when inviting new users to encrypted rooms. As explained in the security disclosure, “The implementation is provided by matrix-js-sdk, which incorrectly applied the same rules for sending existing keys to the invited user as for sending new keys, which allows them to be sent to unverified devices and unverified users.

This improper key sharing meant that historical message keys, which are more sensitive than new keys, could be exposed to untrusted parties. While the disclosure emphasizes that “there’s always some risk of key exposure to a server-side attacker when you’re interacting with unverified users, the risk is higher for historical keys.”

Affected Libraries and Remediation

The vulnerabilities impact the following versions:

  • matrix-js-sdk ≥ 9.11.0, < 34.8.0 (CVE-2024-47080)
  • matrix-react-sdk ≥ 3.18.0, < 3.102.0 (CVE-2024-47824)

The Matrix.org team has addressed these vulnerabilities in matrix-react-sdk version 3.102.0 and matrix-js-sdk version 34.8.0. Users are strongly urged to update to these versions immediately.

Interestingly, the disclosure notes that “the vulnerability is only present in the matrix-js-sdk when running the old, non-Rust encryption stack.” Clients using the Rust-based encryption stack are not affected.

Looking Ahead: Specification Changes and Best Practices

To prevent similar issues in the future, Matrix.org plans to revise the MSC3061 specification. This will “explicitly clarify that MSC3061 key forwarding should only forward keys to verified devices owned by verified users, ensuring that historical keys are never shared with untrusted devices.”

This move reinforces the importance of user verification in Matrix. By encouraging users to verify each other, Matrix aims to enhance overall security and prevent unauthorized access to encrypted communication.

Related Posts: