CVE-2024-42027

CVSS 6.7 MEDIUM · EPSS 0.5% · CWE-1391

In short

Rocket.Chat Mobile versions before 4.5.1 generate weak encryption passwords that can be cracked by attackers with enough computing power and time. This weakens the security of end-to-end encrypted messages.

Technical detail

The E2EE password generation mechanism in Rocket.Chat Mobile prior to 4.5.1 fails to produce sufficient entropy, enabling brute-force attacks against the encryption key. An attacker with network access to encrypted traffic and adequate computational resources can feasibly recover the password within a reasonable timeframe, compromising message confidentiality.

Summary generated and translated by AI from the official description.
The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
Affected products
Rocket.Chat · Mobile
