5.9

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-40824

GHSA ID

GHSA-jjmc-4p83-pp26

EPSS Score

0.47007%

CWE

CWE-327

Published

5/24/2022

Updated

8/18/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-40824

CVE-2021-40824:
Logic error in Matrix SDK for Android

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 leads to a situation where identity verification is inadequate and thus a key-requesting device can be impersonated.

(GitHub Advisory)

5.9

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-40824

GHSA ID

GHSA-jjmc-4p83-pp26

EPSS Score

0.47007%

CWE

CWE-327

Published

5/24/2022

Updated

8/18/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.matrix.android:matrix-android-sdk2	maven	< 1.2.2	1.2.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper device identity verification during encryption key sharing. The patches show critical changes in how device authentication is handled:

MXMegolmEncryption.shareKeyWithDevices was modified to use full deviceInfo instead of separate user/device IDs when checking cryptoStore
SharedWithHelper and IMXCryptoStore interfaces were updated to require device identity keys in session tracking
Database queries in RealmCryptoStore now join with device identity keys
The migration adds deviceIdentityKey field to shared session records These changes indicate the original code paths used only user ID and device ID for authentication, allowing impersonation by malicious servers controlling those identifiers. The vulnerable functions would appear in profilers during key sharing operations when processing untrusted device claims.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* lo*i* *rror in t** room k*y s**rin* *un*tion*lity o* *l*m*nt *n*roi* ***or* *.*.* *n* m*trix-*n*roi*-s*k* (*k* M*trix S*K *or *n*roi*) ***or* *.*.* l***s to * situ*tion w**r* i**ntity v*ri*i**tion is in***qu*t* *n* t*us * k*y-r*qu*stin* **vi** **n

Reasoning

T** vuln*r**ility st*ms *rom improp*r **vi** i**ntity v*ri*i**tion *urin* *n*ryption k*y s**rin*. T** p*t***s s*ow *riti**l ***n**s in *ow **vi** *ut**nti**tion is **n*l**: *. MXM**olm*n*ryption.s**r*K*yWit***vi**s w*s mo*i*i** to us* *ull **vi**In*o

5.9

Basic Information

Concerned about an active attack path?

CVE-2021-40824: Logic error in Matrix SDK for Android

5.9

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2021-40824:
Logic error in Matrix SDK for Android

Vulnerability Intelligence
Miggo AI