The initial E2EE password generated by Rocket.Chat mobile can be recovered in a practical timescale.
High
Rocket.Chat
Team Summary
Official summary from Rocket.Chat
The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. Special thanks to Hayato Kimura, Ryoma Ito, Kazuhiko Minematsu, and Takanori Isobe for their research.
Reported by: h0011
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Use of Insufficiently Random Values