You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The MXCrypto.eventDeviceInfo method, used to display several encryption decorations on the timeline, uses unsafe / plaintext fields of MXEvent to fetch a relevant device. These are easily spoofable by the homeserver, see code
A better approach is to use a sender_key that should match any of our previously created sessions with this device. To access this data / fetch device by its sender_key, relevant changes need to be made in rust crypto
The text was updated successfully, but these errors were encountered:
The
MXCrypto.eventDeviceInfomethod, used to display several encryption decorations on the timeline, uses unsafe / plaintext fields ofMXEventto fetch a relevant device. These are easily spoofable by the homeserver, see codeA better approach is to use a
sender_keythat should match any of our previously created sessions with this device. To access this data / fetch device by itssender_key, relevant changes need to be made in rust cryptoThe text was updated successfully, but these errors were encountered: