Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[E2EE] Device list tracking vulnerable to device ID reuse attacks #131

Closed
turt2live opened this issue Aug 1, 2021 · 0 comments
Closed

[E2EE] Device list tracking vulnerable to device ID reuse attacks #131

turt2live opened this issue Aug 1, 2021 · 0 comments
Labels
bug Something isn't working e2ee Issue relating to encryption

Comments

@turt2live
Copy link
Owner

We validate that the device ID isn't reused, but remove it from the device list set for the user. This means that we end up not storing it after we wipe the user's devices from the table. Thus, the second time the device ID is reused we end up treating it as a new device.
@turt2live turt2live added bug Something isn't working e2ee Issue relating to encryption labels Aug 1, 2021
@turt2live turt2live mentioned this issue Aug 7, 2021
Closed
26 tasks
turt2live added a commit that referenced this issue Aug 17, 2021
@turt2live
Protect against double device reuse
19b09bf 
Fixes #131
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working e2ee Issue relating to encryption
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@turt2live