CVE-2023-23911
10.03.2023, 22:15
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.Enginsight
| Vendor | Product | Version |
|---|---|---|
| rocket.chat | rocket.chat | 𝑥 < 6.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-326 - Inadequate Encryption StrengthThe software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.